Could A Thumb Drive Stop Stuxnet?

Kingston launches USB thumb drives with built-in ESET antivirus software to eliminate viruses, Trojan applications, rootkits, and worms.

Is the data stored on your USB thumb drive safe from any malware on a PC it gets plugged into?
USB thumb drive manufacturer Kingston Technology this week announced that two of its drives from the Traveler line -- DataTraveler Vault Privacy and DataTraveler 4000 -- now come with an optional ClevX DriveSecurity feature, which requires 300 MB of the drives space and includes built-in ESET antivirus software for nuking any viruses, worms, Trojan applications, rootkits, or adware that might attempt to infect the drive.
When the drive owner authenticates to the flash drive, DriveSecurity launches immediately. It updates its virus signature and scans any changes (all new files, applications, etc.) to the flash drive, said ESET. Upon user request, it checks the entire flash drive to ensure that it is free of malicious code. ESET also said its anti-malware software contains heuristic malware detection to help identity unknown threats. But the company said that the drives antivirus software wont scan the PC that it gets plugged into.
Is antivirus software on USB thumb drives redundant? Or might it instead have helped prevent the outbreak of such malware as Stuxnet? Indeed, a
USB key carrying Stuxnet
appears to have been responsible for at least some of the resulting infections, which
targeted an Iranian nuclear facility at Natanz
. The caveat with Stuxnet, of course, is that the malware seems to have been introduced on purpose, likely by a U.S. agent, meaning it was meant to infect the USB drive and in turn systems at the facility.
[ Hacking group boasts of government, trade group exploits. Read more at
Team Ghostshell Hackers Claim NASA, Interpol, Pentagon Breaches
. ]
On the other hand, common malware that attempts to infect USB drives remains alive and well, in part because eradicating it is difficult given all of the different ways in which it can spread. For example, ESET last week reported that the second most prevalent virus is an
auto-run worm known as Pronny
, which spreads in part by infecting removable media. Once the worm infects a system, it then hides versions of itself elsewhere, including on network shares, and attempts to infect everything it can touch, including thumb drives.
USB drives can get infected in numerous ways, such as through supply chain insecurities during production. For example,
IBM accidentally distributed thumb drives
at an Australian security conference that were infected malware.
Other infection vectors involve employees using virus-infected kiosks or third-party PCs at airports or Internet cafes, giving the USB key to a friend whose PC happens to have a virus, or using the USB key on a corporate network where a virus is residing.
In practice one sees both unintentional and intentional infection. Stuxnet is an example of the latter, where someone loaded malicious code onto the drive with the intent of getting that code onto a target system, said ESET security evangelist Stephen Cobb in a
blog post
. Unintentional infection can occur when you place your USB flash drive into an inadequately protected system. Sure, you may detect the infection later, when you eventually place your drive into your own computer, but you could do a lot of damage before then.
As an example, Cobb references a case
detailed earlier this year
by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), which in 2010 investigated an outbreak of
malware tied to the Mariposa botnet
. While the affected organization wasnt named, the industry was noted as being the nuclear sector.
The investigators traced the infection back to a conference presentation, noting in an advisory that an employee attended an industry event and used an instructors universal serial bus (USB) flash drive to download presentation materials to a laptop. After the employee reconnected their laptop to the corporate network after returning to work, the malware spread, ultimately infecting 100 other network-connected systems.
As malware gets increasingly sophisticated, so, too, must the technology and strategies we use to detect and eradicate it (or, better yet, stop it before it ever makes it onto network systems). Our
Rooting Out Sophisticated Malware
report examines the tools, technologies and strategies that can ease some of the burden. (Free registration required.)

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps