Social Engineering, the USB Way is a rather worrying report into a successful penetration test using a mixture of social engineering and malware techniques. One morning before work, the testers scattered USB thumb drives containing Trojans in the parking lot and smokers' corners outside their target credit union premises. The workers duly discovered the 'lost' drives, took them in, plugged them in and compromised their systems security. The worrying part is the success rate, the potential impact and the likelihood of success elsewhere. Possible controls include security awareness training, antivirus tools, IDS and USB blocking software.
More social engineering and malware links