According to a recent survey by Panda Security, 25% of new worms created in 2010 have been specifically designed to spread through USB storage devices.

The findings of the Second International SMB Security Barometer, published by Panda Security, surveyed 10 470 companies across Europe, Latin America and North America.

The survey found that these types of USB worms were on the rise and that these threats are capable of copying themselves to any storage device such as cellphones, external hard drives, MP3 players, DVD’s and of course USB flash drives.

Over the last year 48% of small to medium businesses (SMB’s) surveyed admitted to having been infected by some kind of malware over the last year, with 27% confirming that the source of infection was a USB device.

According to Luis Corrons, technical director at PandaLabs, “at present, much of the malware in circulation has been designed to distribute through these devices. Not only does it copy itself to these gadgets, but it also runs automatically when a USB device is connected to a computer, infecting the system practically transparently to the user. This has been the case with many infections we have seen this year, such as the distribution of the Mariposa and Vodafone botnets”.

Because of the rise and convenience of USB devices, they have become a prime target for cyber criminals wishing to spread malicious software. From MP3 players to digital cameras, all the devices have internal memories which can be easily exploited for malware distribution.

So how exactly does this happen, and is there anything users can do to protect themselves from these types of threats? Well, the malicious software gains entry to a system by using Windows’ AutoRun function. As soon as USB devices are inserted Windows uses the Autorun.inf file found on these devices to figure out which action it is supposed to take.

Cyber criminals have been exploiting this opening by modifying the Autorun.inf file so that malware stored on the device runs automatically when the device is connected to a computer.

The only real way to be safe from these types of threats at the moment is disabling the AutoRun feature in Windows, which is quite a difficult task. To aid users Panda Security has developed the Panda USB Vaccine, a freely downloadable piece of software that offers a double layer of security by disabling the AutoRun feature on computers as well as USB devices.

Panda claims that this will stop malicious software from gaining entry to your system. Users should note however that the AutoRun function won’t be available anymore and that they’ll have to access their devices the old fashioned way (through Windows Explorer). Users can try out the Panda USB Vaccine by downloading it here.