A long week with a recurring thread

SophosLabs analysts do get to do other things besides analyze malware; in the last month or so I have been spending more time on other projects. This last week (Monday to Saturday) I have been analyzing customer samples and have noticed one recurring thread.

USB-aware malware is still a danger. SophosLabs have been trying to raise awareness of the danger posed by USB devices for a while:

  • USB malware was nearly the first thing we blogged about, back in April 2007
  • SophosLabs detailing ways of keeping safe in July 2007

Now we have more practical solutions for consumers:

  • Sophos Endpoint products have device control
  • SophosLabs provide HIPS rules targeting USB malware

Earlier this week I blogged about Troj/Tiotua-U, which could have been caught by HIPS. In the days following I saw several more pieces of malware that would have been caught, most notably W32/Tiotua-W on Thursday evening. Since then I have been thinking about what more SophosLabs can do to help fight USB malware.

The problems of USB malware are obviously not going away soon. How many USB devices in your company are infected at any one time?

If you have any comments or can suggest best practices for combating USB malware, then contact this blog via sophosblog@sophos.com.