A social engineering attack that involves the attacker leaving malware infected portable storage media, such as USB memory sticks, in locations where people will find them. The hope is that the target will insert the USB device into a computer. Once this occurs, an executable malware file is triggered to run surreptitiously. For example, keylogger software might be downloaded onto the target’s computer, which transmits login credentials back to the attacker’s command and control centre. The Stuxsnet virus was propagated using an infected USB stick which was strategically dropped near an Iranian nuclear facility.