The real issue
is organisations that allow mounting USB drives without suitable mount options (think noexec, nosuid et al). Avoiding malware this way is super easy
- Home folder is mounted with noexec and nosuid
- Automount configured to do the same.
Users can only execute system binaries and are unable to infect the system.