T 5.142 Spreading malicious software via mobile data media

Mobile data media are often used to exchange data between a PC at home and one at the workplace. However, computers for private use are not always protected with the same level of security as the level of security required in a government agency or a company. For example, private computers are often used to access the Internet by people who are not sensitive to information security issues. Typical examples include children or youths who click on web pages with active content in order to play games or chat online.

Due to the less restrictive configurations commonly found on home PCs and the lack of control over their use, malicious software can more easily infect home PCs and may possibly be transferred to the workplace PC via mobile data media.

However, IT systems used privately are not the only source of the threat posed by malware. For example, mobile data media are often used at trade fairs, conventions, and similar events to exchange documents, presentation slides, and other information. There is a danger of spreading malware in this case as well due to the exchange of data media.

Examples:

• MP3 players are also commonly used as mobile data storage devices, and not just for music files, due to their high storage capacity. When used in corporate environments, the resulting combination of private and business files can result in the accidental disclosure of business information to friends and acquaintances. However, malware can also be brought into an organisation as a result.
• At a convention, a visitor wanted copies of the slides of the presentation just made and asked the lecturer if he could make copies of the slides available. The lecturer gave the visitor the USB stick containing the presentation slides. When the visitor inserted the USB stick into his laptop to copy the slides, a malicious program on the USB stick installed itself without the visitor noticing it.