A USB stick could be anything, but if it is simply a proper USB mass storage device, it, by itself, can not execute code on the host machine.
To execute code on the host machine, either the host machine has to be stupid (like many Windows versions that try to automatically execute code from plugged-in devices without user interaction) or the device has to be malicious, trying to exploit weaknesses in the host machine.
----
Now, for the files being put on these sticks, there are probably many opportunities to inject a trojan.
To execute code on the host machine, either the host machine has to be stupid (like many Windows versions that try to automatically execute code from plugged-in devices without user interaction) or the device has to be malicious, trying to exploit weaknesses in the host machine.
----
Now, for the files being put on these sticks, there are probably many opportunities to inject a trojan.