[QUOTE=SeÃ¡n;2783848]I just after watching a TV programme on cyber security that mentioned just how easy a hacker was able to run code on peoples computers - USB sticks.
A researcher placed an executable file on 100 sticks titled ‘CV’ with a Word document icon. These sticks were randomly placed to simulate people accidentally dropping them or leaving them behind such as on benches, cafÃ© tables and so on. The executable file did nothing more than ping a server.
Before all the sticks were fully distributed, their server already started receiving pings. So that executable could have been anything a hacker wanted to run such as ransomware, screen capture, keylogger, etc. Of the 100 that were distributed, they received pings from 34 of them, which included university and corporate networks and private individuals.
It also shows that hackers don’t need special USB sticks that send keystrokes, etc. - Just ordinary USB sticks with an executable file disguised with an innocent looking file name such as ‘CV’.[/QUOTE]
One other good reason to disable “AutoRun” as well. Making users use Limited accounts and disable AutoRun is the first step to harden a system resource but Users and IT seems to have forgotten this simple measure would stop most infections.