Flame stashes secrets in USB drives
<snip>
The Flame attack, however, takes the infection of removable media to another level.
In an ongoing analysis of the attack, security firm BitDefender has pinpointed a component of Flame that uses removable media as a carrier to sneak data out of secure installations. On computers not connected to the Internet -- a potential sign that the system is part of a sensitive, "airgapped" network -- Flame waits until a USB drive is inserted. Then it copies not only itself, but a prioritized list of stolen data as well.
<snip>
If a Flame-infected computer cannot connect to the Internet, it will infect any USB drive mounted by the system. Once infected, the attack will then copy files from the system to the drive, giving Word, Excel, and PowerPoint documents highest priority. If the drive still has space, it will copy CAD files and, last, JPEG files.
When the infected drive is inserted into another computer, it could spread the Flame virus -- although that functionality seems to be inactive. Instead, the program will attempt to connect to the Internet only on systems already infected. If Flame cannot communicate to the command-and-control servers, it will again copy files, clearing lower-priority documents to make space for additional data.
If the new system can connect to the command-and-control server, then Flame will copy the USB drive's contents to the computer. Its task is complete.
<snip>
http://www.infoworld.com/t/malware/flame-stashes-secrets-in-usb-drives-195455