
reminds me of this from last year
http://www.darkreading.com/document.asp?doc_id=95556&WT.svl=column1_1
Malware purveyors deliberately left USB sticks loaded with a Trojan in a London car park in a bid to trick users into getting infected. The attack was designed to propagate Trojan banking software that swiped users' login credentials from compromised machines. Check Point regional director Nick Lowe mentioned the ruse during …
I looked into this myself a while ago in order to better secure systems - you must at least disable autorun to be secure on a Windows box. Although most USB sticks won't autorun, this is just due to a hardware bit setting. Just grab one of the Microsoft USB sticks from a tradeshow or the U3 ones you can buy and they are set to autorun - you then just have to set up a normal CD autorun and put it on the stick. Easy!
I imagine there is a way to get it to autorun on Macs too - anyone comment? Just like those CD's that some magazines used to have that would run on Windows or Macs.
Of course, you could just put a tempting exe on the stick anyway like "HR Salary Records.exe" and that would probably do it anyway. Just have it throw up a failure due to lack of some special software, meanwhile installing the trojan in the background.