Malware-infected USB sticks delivered to mailboxes in Melbourne

Posted Sep 21, 2016 by James Walker
Australia's Victoria Police Force has warned homeowners not to use USB sticks being dropped through the mailboxes of one Melbourne suburb. It comes after a recent flood of reports from members of the public who have found compromised unmarked drives.
Infected USB sticks delivered to mailboxes in Melbourne
Infected USB sticks delivered to mailboxes in Melbourne
Victoria Police Force
In a statement, the police force said people who tried to use the sticks have experienced "fraudulent media streaming service offers" and unspecified "serious issues." It warned all residents not to use any flash drives found in their letterbox, describing the sticks as "extremely harmful."
USB drives can be an effective way to spread malware among computer users. People are often intrigued when they find a USB stick, connecting it to their PC to see what's on it. Malware is then loaded from the drive. It can run in the background without the user's knowledge and could be present on devices that appear to be empty of files.
The attack has a high success rate because so many people willingly connect USB drives to their computers. Earlier this year, an experiment run by the University of Illinois concluded that USB-based attacks succeed between 45 percent and 98 percent of the time. A team dropped almost 300 USB sticks around the university's campus and then monitored them to see how many were plugged in once found.
The researchers found most people connected the drives out of curiosity and with altruistic intentions. They concluded that users who connected the drives "do not belong to a unique subpopulation" and aren't technically incompetent relative to their peers. It suggests the majority of the population would be inclined to connect a USB stick to their computer if they found it on the street.
It's likely to be a similar story with letterbox attacks. People will connect the drives to their computers without considering the potential consequences. It appears as though not everyone views the strange circumstances surrounding the unmarked drives' arrival a sufficient reason to avoid using them.
Part of the problem is that few computer users are aware that USB devices can host infections. The small devices aren’t generally viewed as a threat because people don't use them in a way that would suggest they can compromise a machine. By embedding their own software into a drive's memory, hackers can force computers to run malicious code though.
Victoria Police said it is investigating the reports from the public and has set up a Crime Stoppers team to talk to people with information about the scam. The USB sticks should not be used for any reason. Ideally, they should be disposed of as soon as they arrive. The attack is currently targeting residents of Pakenham in Melbourne.