USB drives left in car park as corporate espionage attack vector

A number of infected USB flash drives were recently left in the car park of Dutch chemical firm DSM in a failed corporate espionage attempt. According to a report from Dutch newspaper Dagblad De Limburger, these drives were planted by an unknown party in hopes that one or more of the company's employees would insert them into their office systems.

However, instead of plugging it into one of the company's systems, an employee who found one of the USB sticks turned it over to DSM's IT department. Upon examination, they discovered that the drives contained malware that was set to automatically run upon being inserted into a computer. The malware is said to have been a key logger designed to capture usernames and passwords, and access the company network to send them to an external site.

Upon finding this, the company blocked all access to the IP addresses which the malware attempted to contact. Because, they say, it was a clumsy attempt to steal data and as no damage was done, DSM decided not to contact the police.

Would you report to the police?

Disable Windows Sidebar and Gadgets NOW on Vista and Windows 7. Microsoft warns of security risk

Users of Windows Vista and Windows 7 have been advised to completely disable their Windows Sidebar and Gadgets, in response to what appears to be a serious security risk.

The Windows Sidebar is a vertical bar that can appear at the side of your desktop, containing mini-programs (known as gadgets) that can provide a number of functions such as a clock, the latest news headlines, weather report and so forth.

A security advisory issued by Microsoft's security team advises that vulnerabilities exist that could allow malicious code to be executed via the Windows Sidebar when running insecure Gadgets.

The warning comes ahead of a talk scheduled for Black Hat later this month by Mickey Shkatov and Toby Kohlenberg. Shkatov and Kohlenberg's talk, entitled "We have you by the gadgets", threatens to expose various attack vectors against gadgets, how malicious gadgets can be created, and the flaws they have found in published gadgets.

"We will be talking about our research into creating malicious gadgets, misappropriating legitimate gadgets and the sorts of flaws we have found in published gadgets."

If the researchers have managed to find ways to exploit existing gadgets that's particularly worrying.
Clearly Microsoft is worried about the security researchers' findings, and has issued a "Fix It Tool" which will protect Windows 7 and Vista users by entirely disabling the Windows Sidebar and Gadgets functionality.
Yes, that's right. Microsoft hasn't issued a security patch to fix the vulnerability. They're suggesting you completely nuke your Windows Sidebar and Gadgets.

Which is bad news if you found those sidebar gadgets useful. You better find a new way to tell what time it is, or catch the latest from your favourite RSS feeds.

Sorry if it causes you any pain, but I would recommend you follow Microsoft's advice if you run Windows 7 or Vista and apply their "Fix It tool" as soon as possible. It may be a sledgehammer to crack a nut - but it's a nut that needs smashing, and fast.

Interestingly, Microsoft has dropped Gadgets from the upcoming Windows 8. In retrospect, that was probably a very good idea.