
Usually just printing. I find the viruses on my USB drive after printing from it on other people's computers. I keep that drive for one-way use and never get files back off it because they're all potentially infected.


Note that the pendrive itself is potentially "infected" too, sometimes there are OS and file manager bugs resulting in code execution without the user clicking anything.


Those bugs would be zero-days and patched before viruses using them are widespread.


You put files onto the stick.

You put the stick in someone else's machine and print the files. The stick might be infected after this use.

You don't put the stick back in your machine, because it might be infected.

Do you continue to put it in other people's machines to keep printing?


Unlike biological contagions, digital ones typically aren't transferred just by physical touch.

Don't run or open anything off the stick on your machine and you'll be fine.


Windows has had exploits where preview features (e.g. Explorer thumbnails) were running malicious code.


Of course. Windows has also had RCE vulnerabilities just by being connected to the internet. Hence the need to keep it updated.


The stick itself is the virus aka Bad USB or any other similar vector.


I don't do step 3. Viruses hardly ever work that way. An infected computer can infect a USB drive, but not the other way around for an up-to-date OS and if you're careful not to run mystery programs you find on it.


Not true...


Can you cite any examples or describe the mechanism by which it would do that?


USB sticks that can use firmware-level filesystem tables and/or multiple host-visible partitions, pretend to be a hub that is hosting multiple devices (HID mouse+keyboard, etc) in addition to an autorun, etc.

Not only can you trivially make such a thing with an Arduino but there are also some commercial USB sticks which have a persistent "background" filesystem that cannot be formatted away.

Anything that is run automatically in the background, like the thumbnail services.


However, this is rather theoretical. All that common malware does is hide/delete all your existing directories, and put EXEs (or LNKs) with folder icons and the names of the original directories in their place. Plus maybe some autorun tricks.
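
The pattern described in the comment above (original directories hidden, EXE or LNK files with the same names left in their place, sometimes with an autorun file) can be checked for by file name alone, without opening anything on the drive. This is an added example, not part of the thread; the extension list, function names and sample layout are assumptions.

```python
import os
import stat
import tempfile

# Extensions a decoy typically uses (assumed list, not from the thread).
DECOY_EXTS = {".exe", ".lnk", ".scr", ".com", ".pif", ".vbs"}

def is_hidden(path):
    """True if the Windows hidden attribute is set; dot-prefix elsewhere."""
    attrs = getattr(os.stat(path), "st_file_attributes", None)
    if attrs is not None:
        return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)
    return os.path.basename(path).startswith(".")

def scan_drive(root):
    """Return sorted (kind, relative_path) findings; no file is opened or run."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirs_lower = {d.lower(): d for d in dirnames}
        for name in filenames:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            stem, ext = os.path.splitext(name.lower())
            if name.lower() == "autorun.inf":
                findings.append(("autorun", rel))
            elif ext in DECOY_EXTS and stem in dirs_lower:
                # An executable or shortcut named after a sibling folder.
                twin = os.path.join(dirpath, dirs_lower[stem])
                kind = "decoy-hidden-twin" if is_hidden(twin) else "decoy"
                findings.append((kind, rel))
    return sorted(findings)

def build_sample(root):
    """Constructed sample layout imitating the pattern; all files are empty."""
    for d in ("Photos", "Invoices", os.path.join("Invoices", "2023")):
        os.makedirs(os.path.join(root, d))
    for f in ("Photos.exe", "invoices.LNK", "autorun.inf", "notes.txt",
              os.path.join("Invoices", "2023.lnk"),
              os.path.join("Photos", "setup.exe")):
        open(os.path.join(root, f), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for kind, rel in scan_drive(tmp):
            print(kind, rel)
```

On Windows the folder twin of a decoy is reported as `decoy-hidden-twin` when its hidden attribute is set; on other systems the FAT hidden attribute is not visible through `os.stat`, so only the name collision is reported.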


For a fake HID device, you'd see cmd windows or whatever else it uses popping up. Other data hidden on it isn't a problem by itself. It can only passively sit there without some other attack vector.


Right, but the GP described a USB stick that they own. If you know that it's just a USB stick none of that applies.

Autorun hasn't been a thing in ages.


Except that is not true, there's BadUSB (https://github.com/brandonlw/Psychson), which updates the firmware of some common USB drives to make it do whatever you want (such as emulating a mouse/keyboard).



Stuxnet


Patched



