Kansas State University


IT News

Malware spread by USB flash drives, hitting campus again

Well, the students are back. For us security officers, it’s a love-hate relationship – you love ‘em because they’re young and enthusiastic and they help pay your salary, but you hate ‘em because they bring all kinds of malware to campus. So it’s no surprise that as soon as the semester began I started getting reports of malware spreading via USB flash drives, the first of which was reported by IT support staff who helped students in the residence halls.

To date, we have submitted to Trend Micro three different examples of malware found on USB flash drives at K-State, and in all cases Trend had a solution within 2-3 hours. However, much damage can occur in the time it takes that solution to be distributed to all computers on campus, so something more needs to be done.

To prevent infection by a USB flash drive, I STRONGLY encourage EVERYONE to disable autorun/autoplay on your Windows computers. Ask your IT support person to do this for you if they haven’t already. If you manage your own computer, do a Google search for “disable autorun” and add your particular version of Windows (for example, “disable autorun windows xp”) to find instructions on how to do it. Microsoft has a useful knowledgebase article on the topic.

Disabling Autorun/Autoplay will also be demonstrated at the IT security roundtable at 9-10:30 a.m. Friday, Sept. 11, in Union 213.

Note that this disables autoplay on ALL removable storage, including CDs and DVDs. This is a little less convenient for the user, because when you put in a CD to install new software or a DVD to watch a movie, it will not automatically start up. But neither will malicious software on the student’s thumb drive you plug into your computer, so it’s worth it! Manually starting your movie is much easier than rebuilding an infected computer!

If you find malicious software on a USB flash drive or elsewhere, and Trend Micro OfficeScan does not detect it, please submit it ASAP via K-State’s new malware submission form at SecureIT.k-state.edu/ReportMalware.html.

About Harvard Townsend (harv@ksu.edu)

Chief Information Security Officer