Police in Victoria, Australia, are warning computer owners to be on their guard… not against suspicious arrivals in their email inbox, but against malicious USB sticks turning up in their letterboxes:
Members of the public are allegedly finding unmarked USB drives in their letterboxes.
Upon inserting the USB drives into their computers, victims have experienced fraudulent media streaming service offers, as well as other serious issues.
The USB drives are believed to be extremely harmful and members of the public are urged to avoid plugging them into their computers or other devices.
According to the report, residents of Melbourne suburb Pakenham have been the unfortunate recipients of the malware-laden thumb drives.
Of course, we’ve known that USB sticks can carry malware for many years and have long warned users against plugging unknown devices into their computers. The method was most infamously used in Stuxnet – a joint US/Israeli operation to disrupt systems at the Natanz uranium enrichment facility in Iran. Other victims of USB attacks in the past have included the United Nations Nuclear Agency, amongst many others.
One of the most well-known tricks used by criminals and penetration testers is to leave a poisoned USB stick in the car park of the business they are targeting and wait for a curious employee to pick it up and plug it into their computer.
We’ve even seen boobytrapped USB sticks that can fry your computer hardware within seconds.
Astronauts have even transported malware-infected USB sticks or compact flash cards up to the International Space Station.
So, malware-laden USB sticks are a problem in every corner of the world, and even in orbit.
Every USB stick you receive should be treated with caution – as it could potentially carry a malicious payload, as the residents of Pakenham have found out to their cost. Of course, if you have come into possession of an unsolicited USB drive then you should be particularly cautious about plugging it into your computer.
The one potential ray of sunshine in this security thunderstorm? Just how desperate must the criminals have been to target home owners in this way? In some ways it’s rather refreshing that they have had to go to the effort of buying USB sticks, planting malware on them, and then posting them through letterboxes in search of victims… it certainly sounds like harder work than the usual trick of spamming out attacks via email.