Tuesday update 2: Watch out for “lost” USB drives

Yesterday I got dressed, put my jacket on, grabbed my keys and opened my front door about 8:50, ready for my short walk to work. On the floor in the hallway, in front of my door, I saw a small USB drive. I picked it up and put in my pocket. When the elevator reached the first floor, I went to the main office and turned it into Lesley, our property manager. I figured one of my neighbors dropped it on their way to or from the elevator. Perhaps it fell out as they were reaching for their keys.

However, after I got to work, it started to occur to me that it was very suspicious that the USB drive was lying right outside MY door. USB drops are a common tool for those who want to hack a particular person’s accounts but don’t know any of their login information. They drop a USB drive where they hope the target will find it, and curious to find out who it belongs to, will put it in their computer. There the target might see a file named something like “Tom_resume” which would possibly contain clues as to the owner of the USB drive and address to return it. However, the Tom_resume file would actually contain malware that would install itself on the target’s computer, able to take screenshots and record keystrokes and send them back to an IP address specified by the hacker.

I am aware of that trick and didn’t fall for it, if indeed I was being targeted. But, imagine if I’d put that in my home computer – someone could have gained control of my email, my blog, and who knows what else. Or worse, what if I’d taken the USB drive to work and plugged it in to my computer there: I could have compromised our entire network.

Just want to make my readers aware this scam is out there. If you find a USB drive, best bet is to take it to your computer network administrator at work and let them determine what is on it.

Read on for today’s news.