Taiwanese police give infected USB drives to cyber-security quiz winners.
In today’s ironic news, Taiwanese law enforcement officials hosted a contest to test citizens’ knowledge of cybersecurity issues in an effort to raise awareness of the crime, then awarded participation prizes that contained malware infections. As many as 54 of the prizes, small flash drives, have been reported to contain the harmful software.
The government agency has blamed a third-party contractor for the error, stating that the malware steals personal data from the user’s device. However, other reports claim that the upload by an employee of a Taiwan-based company had no malicious intent. Rather the employee was trying to test the capacity of the drives and uploaded a large file to them. The file contained the malware.
Missing in action
So far, about 20 of the drives have reported been recovered from the winners, but this is certainly not the first time or the largest spread of an infection through handouts. IBM delivered infected USB drives to its customers last May, and the American Dental Association mailed out flash drives to dentist offices across the US a couple of years ago. Those free flash drives that sit in grab-one bowls at trade shows and conventions also have a long history of containing malicious software.
As it turns out, that annoying little popup that asks if you want to scan your drive every time you plug it into your laptop might have a higher purpose after all. There are a few warning signs that might indicate your drive is infected, and a shockingly high number of articles have been written warning users against plugging in a flash drive that they found somewhere, which indicates that this unsafe behavior may be all too common. Surprisingly or not, a study by the University of Illinois found that of the 300 flash drives the researchers “dropped” around campus, 98% were picked up by someone and at least 45% of those people opened one or more files on the drive.