USB top method to spread malware

News 18 May, 2010

Despite living in an online age, the USB worm has made a comeback according to McAfee’s latest security report.

The technique of spreading malware has reverted to an old school method, using USB ports as a point of entry.

This was the finding of McAfee’s latest quarterly threat report, which showed USB worms as the top offender for the start of 2010.

“Go back 20 years and malware used USBs to spread,” said Greg Day, director of security strategy in EMEA for McAfee, in an interview with IT PRO. “But we have been living in an age of internet and networking malware.”

“The report has [shown that] this old technique, that was long forgotten, has come back.”

Day said the increase of remote working, with more people using their own devices in and out of the office – be it USB sticks, laptops, tablets or smartphones – is making security even more challenging.

However, it was not all bad news as the number of malware infections had actually decreased compared to the same quarter last year, from 4.5 million to 3.75 million.

“It is a small dent in a big number so we can’t rush around and celebrate,” said Day. “But it may mean we are seeing some of the malware toolkits reach maturity and slow down.”

Trends in spam had stayed pretty similar to previous years. The “embarrassment factor” was still playing a part in online sales of pharmaceuticals or male enhancement treatments, while “smart, socially engineered” spamming was having more of an effect, playing on people’s fears and concerns such as emails about tax scams or fake anti-virus software.

The global trends are echoed in the UK, Day noted.

“By the nature of the fact the UK uses the English language, we overlap with a lot of the problems,” said Day, as the majority of malicious malware is written in our native tongue.

He noted there were a few more specific areas where Britons were falling victim, such as email bounce backs – tricking you into giving away your password for a “reset” – product sales and social networking scams.