USB malware blamed for bank fraud
In this BankInfoSecurity interview, a lead administrator of the ACH network discusses how cyber-criminals are targeting corporate bank accounts:
it's a type of identity theft really in which cyber thieves gain control of business' bank account by stealing the business' valid online banking credentials. So these credentials are stolen through malware that is installed on a computer, and it can happen in a few different ways. So among those ways could be infected documents that are attached to an email, and the business clicks on that email that document, or a link contained within the email that connects to an infected website. Or a business could use an USB port, a flash drive, so they put the flash drive that has been infected into the USB port.
Once the credentials are stolen, the thief has access to online bank accounts and can fraudulently transfer funds out of the country. This may explain why USB autorun trojans are now the biggest malware threat worldwide according to a recent McAfee study.