A New Kind of Honey Stick

When I visit the local farmers market with my family, my children are always excited to buy a couple of honey sticks from the local bee keepers.  These are essentially plastic tubes about the size of a straw filled with honey.  Unlike these delicious treats, there is another type of honey stick that isn’t so tasty and could be very harmful to your computer.  The Honey Stick Project, which was started earlier this year, is a research project designed to determine how many people will plug a USB thumb drive that they find in a random place into their computer.  These USB drives have a program on them to “phone home” so that the researcher can determine what percentage of thumb drives distributed to random locations will be accessed.  The results so far?  Out of 33 deployed honey sticks, 42% of them have been accessed.

You may be wondering what the issue is with plugging a found thumb drive into your computer.  I mean hey, who wouldn’t want a free thumb drive, right?  Unfortunately, by installing a thumb drive from an unknown source into your computer you are putting your system at risk of infection by a virus or trojan.  The autorun feature of many operating systems can automatically execute a malicious program on the drive which could lead to the compromise of the machine.  Such a compromise could lead the theft of your bank account information, personal information, usernames, passwords and more.  So if you ever find a USB drive or any other type of media (CDROM, DVD, etc), don’t put it in your machine unless you are feeling very lucky that day.

A well known technique used to test the security of a company’s network is to distribute a few thumb drives in the parking lot of the target company.  These thumb drives will have software on them that will automatically install when the drive is plugged into a computer leading to the compromise of the system and potentially other systems within the corporate network.  Many unsuspecting people will see these thumb drives while walking through the parking lot, pick it up and plug it in to their computer.  Our curiosity often gets the best of us leading to unintented consequences (like a visit from the corporate security administrator).

Recently a virus was detected on laptops used in the International Space Station.  It is suspected that they were transmitted via shared USB drives.  There was nothing sweet in those sticks!

Comments are closed.