Do You Have a Process?

USB thumb drives, such as those pictured below from www.promotionalpro.com, are very popular marketing item, but oftentimes people are not aware of the digital risks these devices can present.

In recent years many USB devices have been sold or given way only to be found to be pre-infected from the factory. At a recent security conference in Australia IBM handed out USB drives that were infected. Electronics stores have sold infected digital photo frames, and even TomTom shipped an infected GPS system.

There needs to be a fundamental shift in the manufacturing process to prevent many of these devices from shipping with malware, however, for a company purchasing USB devices for promotional uses, there are steps that can be taken to ensure a successful marketing campaign instead of a PR nightmare.

If you decide to use promotional devices then adhering to a few processes can ensure you only share what you plan to share. To begin with, know how many files are supposed to be on the drive and what their content is supposed to be. You should have a list of the size of each file, how many files are in each directory, and a CRC or hash of each file. CRCs or hashes are mathematical calculations of files than make it very easy to be sure the file you are checking is identical to the file you know it should be.

When you provide your marketing materials to be put on the drive at the company you are buying the devices from, have a list of the files and hashes. When you receive the drives then take a sampling of them. Be sure that you are using a computer that has Autorun turned off. Use a high quality antivirus product and scan at least one of the new drives. I would recommend scanning several random drives. I also recommend using more than one antivirus product for this application.

The next step is to make sure that there are exactly the same number of files on the thumb drive as you know should be there, and that the CRC or has for each file is identical to what it should be.

If these guidelines were followed by the IBM marketing department in Australia they would never have handed out infected drives. It isn’t only malicious software that can be a problem. If a wrong file is purposely or accidentally copied on to the thumb drives you could be distributing hateful, hurtful, or indecent messages on your promotional items.

USB drives can be excellent promotions, as long as you know what it is that you are handing out. Checking the product thoroughly before you hand it out can keep your business looking good!

Randy Abrams
Director of Technical Education

Author ESET Research, ESET

  • Matthias

    Great Tips! I always had a bad time of choosing a flash drive. I've lost lots of important files because my USB got broke one day. My PC would not detect it i don't  what happen. My friend told me USB cannot be fix you need to buy a new one. Thanks for your tips hope this time i can get a durable flash drive.

Follow Us

Sign up to our newsletter

The latest security news direct to your inbox

26 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.