Found a USB stick? Go and infect your PC!

Err. Wait. Please no! USB sticks are not innocent little things. They can quickly mutate into malicious nasty beasts! Just in the recent past, at least two physics experiments were suffering as their control and data acquisition PCs, respectively, were infected by USB sticks holding malicious code. A bit longer ago, a series of laptops were infected at a 2008 computing conference as an infected USB stick made its tour around. Bad luck for those who ran a Windows operating system and inserted that stick…

 

So, you found a USB stick in the cafeteria? Take care. If this were a lollipop, you wouldn’t just pick it up and lick it, would you? So beware of USB sticks whose origin or previous usage you don’t know. They might infect your PC once plugged in. In order to be on the safe side, accept and share only USB sticks whose owner you trust. Run up-to-date anti-virus software on your PC, make sure that its operating system is patched regularly, and turn off the “auto-play” feature (which should already be off by default on recent systems).

If you are involved in the maintenance or development of control systems for accelerators or experiments, please note that the use of USB sticks on such systems is strictly restricted. Any violation (and a subsequent infection of a control PC) is considered to be a professional fault.

For further information, please check our web site or contact us at Computer.Security@cern.ch.

by Computer Security Team