While USB drives have long been a security threat, the Flame spying malware took the weaponization of portable storage devices to a new level.
Flame, discovered last month in Iran’s oil-ministry computers, used USB ports found on every PC as a pathway to avoid detection by network-guarding security systems.
Because Flame was looking for highly sensitive data, it had to steal the information from networks without Internet connections, yet still be able to connect at some point to a remote command and control server, vendor Bitdefender said in its security labs blog. To do that, Flame would move stolen files and a copy of itself to a memory stick inserted in an infected computer.
When the storage device was plugged into another PC, Flame would check whether that PC was connected to the Internet and then copy itself and the stolen files to the new host. The malware then used that host to compress the data and transmit it to the controller’s server over HTTPS, Bitdefender said.