windows 7 - What is the danger of inserting and browsing an untrusted USB drive?

05
2014-04
  • E M

    Suppose someone wants me to copy some files to their USB stick. I'm running fully-patched Windows 7 x64 with AutoRun disabled (via Group Policy). I insert the USB drive, open it in Windows Explorer and copy some files to it. I do not run or view any of the existing files. What bad things could happen if I do this?

    What about if I do this in Linux (say, Ubuntu)?

    Please note that I'm looking for details of specific risks (if any), not "it would be safer if you don't do this".

  • Answers
  • sylvainulg

    Less impressively, your GUI file browser will typically explore files to create thumbnails. Any PDF-based, TTF-based, (insert Turing-capable file type here)-based exploit that works on your system could potentially be launched passively by dropping the file and waiting for it to be scanned by the thumbnail renderer. Most of the exploits I know about are for Windows, though, but do not underestimate the updates for libjpeg.

  • terdon

    The worst that can happen is limited only by your attacker's imagination. If you're going to be paranoid, physically connecting pretty much any device to your system means it can be compromised. Doubly so if that device looks like a simple USB stick.

    What if it's this? [image]

    Pictured above is the infamous USB rubber ducky, a little device that looks like a normal pen drive but can deliver arbitrary keystrokes to your computer. Basically, it can do as it pleases because it registers itself as a keyboard and then enters whatever sequence of keys it wants. With that kind of access, it can do all sorts of nasty things (and that's just the first hit I found on Google). The thing is scriptable so the sky's the limit.
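
A detection-side sketch of the point above, added here as an example and not part of the original answer: on Linux, sysfs exposes each USB interface's class, so a newly inserted "flash drive" that enumerates a keyboard interface (HID class 03, protocol 01) can be flagged. The tree scanned in `demo()` is constructed sample data, and the function names are hypothetical.

```python
import tempfile
from pathlib import Path

HID, KEYBOARD = "03", "01"   # bInterfaceClass = HID, bInterfaceProtocol = keyboard

def _read(path):
    return path.read_text().strip() if path.is_file() else ""

def scan_usb(root="/sys/bus/usb/devices"):
    """Map each USB device to its product string and interface classes."""
    devices = {}
    for iface in sorted(Path(root).glob("*:*")):   # "1-2:1.0" is an interface of "1-2"
        cls = _read(iface / "bInterfaceClass")
        if not cls:
            continue
        dev = iface.name.split(":", 1)[0]
        info = devices.setdefault(dev, {
            "product": _read(Path(root) / dev / "product") or "?",
            "classes": set(), "keyboard": False})
        info["classes"].add(cls)
        if cls == HID and _read(iface / "bInterfaceProtocol") == KEYBOARD:
            info["keyboard"] = True
    return devices

def new_keyboards(before, after):
    """Devices absent from the earlier scan that expose a keyboard interface."""
    return sorted(d for d, i in after.items() if d not in before and i["keyboard"])

def build_sample(root, devices):
    """Write a constructed sysfs-like tree: {dev: (product, [(class, proto), ...])}."""
    for dev, (product, ifaces) in devices.items():
        (Path(root) / dev).mkdir(exist_ok=True)
        (Path(root) / dev / "product").write_text(product + "\n")
        for n, (cls, proto) in enumerate(ifaces):
            idir = Path(root) / f"{dev}:1.{n}"
            idir.mkdir(exist_ok=True)
            (idir / "bInterfaceClass").write_text(cls + "\n")
            (idir / "bInterfaceProtocol").write_text(proto + "\n")

def demo():
    """Scan a constructed tree before and after two 'flash drives' are plugged in."""
    with tempfile.TemporaryDirectory() as root:
        build_sample(root, {"1-1": ("Office Keyboard", [("03", "01")])})
        before = scan_usb(root)
        build_sample(root, {"1-2": ("Flash Disk", [("08", "50")]),
                            "1-3": ("Flash Disk", [("03", "01")])})
        return before, scan_usb(root)

if __name__ == "__main__":
    print(new_keyboards(*demo()))
```

On a real machine, call `scan_usb()` once before and once after inserting the device and pass both results to `new_keyboards()`; the product string is reported by the device itself and proves nothing about what it is.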

  • Zan Lynx

    Another danger is that Linux will try to mount anything (joke suppressed here).

    Some of the file system drivers are not bug free. Which means that a hacker could potentially find a bug in, say, squashfs, minix, befs, cramfs or udf. Then that hacker could create a file system that exploits that bug to take over a Linux kernel and put that on a USB drive.

    This could theoretically happen to Windows as well. A bug in the FAT or NTFS or CDFS or UDF driver could open up Windows to a takeover.
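
An added example (not from the original answer) of auditing which of the file system modules named above can still be loaded on demand, by parsing modprobe.d-style configuration. The sample configuration text and the function names are constructed for illustration, and a driver compiled into the kernel is unaffected by these settings.

```python
RARE_FS = ("squashfs", "minix", "befs", "cramfs", "udf")   # modules named in the answer
NOOP = {"/bin/true", "/bin/false", "/usr/bin/true", "/usr/bin/false"}

def _norm(name):
    return name.replace("-", "_")        # modprobe treats '-' and '_' as the same

def parse_modprobe_conf(text):
    """Return (blocked, blacklisted) module sets from modprobe.d-style text."""
    blocked, blacklisted = set(), set()
    for line in text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "install" and len(words) == 3 and words[2] in NOOP:
            blocked.add(_norm(words[1]))      # modprobe runs the no-op instead of loading
        elif words[0] == "blacklist" and len(words) == 2:
            blacklisted.add(_norm(words[1]))  # aliases ignored; "modprobe NAME" still loads
    return blocked, blacklisted

def audit(text, modules=RARE_FS):
    """Classify each module as 'blocked', 'blacklisted' or 'loadable'."""
    blocked, blacklisted = parse_modprobe_conf(text)
    result = {}
    for mod in map(_norm, modules):
        if mod in blocked:
            result[mod] = "blocked"
        elif mod in blacklisted:
            result[mod] = "blacklisted"
        else:
            result[mod] = "loadable"
    return result

# Constructed sample, in the style of a file under /etc/modprobe.d/
SAMPLE_CONF = """\
# disable rarely used file systems
install cramfs /bin/true
install udf /bin/false
blacklist minix
"""

if __name__ == "__main__":
    for mod, state in audit(SAMPLE_CONF).items():
        print(f"{mod:10} {state}")
```

On Ubuntu, snap packages are squashfs images, so blocking `squashfs` there breaks them.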

  • Elias Zamaria

    There are several security packages that allow me to set up an autorun script for either Linux OR Windows, automatically executing my malware as soon as you plug it in. It is best not to plug in devices that you do not trust!

    Bear in mind, I can attach malicious software to pretty much any sort of executable that I want, and for pretty much any OS. With autorun disabled you SHOULD be safe, but AGAIN, I don't trust devices that I am even the slightest bit skeptical about.

    For an example of what can do this, check out The Social-Engineer Toolkit (SET).

    The ONLY way to truly be safe is to boot up a live Linux distribution, with your hard drive unplugged, and mount the USB drive and take a look. Other than that, you're rolling the dice.

    As suggested below, it is a must that you disable networking. It doesn't help if your hard drive is safe and your whole network gets compromised. :)

  • Sarge Borsch

    The USB stick may actually be a highly charged capacitor... I am not sure if modern motherboards have any protection from such surprises, but I wouldn't check it on my laptop. (it could burn all devices, theoretically)

  • Keavon

    Some malware/viruses get activated when we open a folder. The hacker may use the feature of Windows (or Linux with Wine) which starts to make an icon/thumbnail of some files (for example .exe, .msi, or .pif files, or even folders with a malware icon) on opening a folder. The hacker finds a bug in programs (like the program that creates a thumbnail) to make it possible for the malware to get into action.

    Some faulty devices may kill your hardware, especially the motherboard, and most times silently, so you may not be aware of it.

  • Nick

    The worst thing which could happen is the infamous BadBios infection. This supposedly infects your USB Host controller by plugging it into your computer regardless of your OS. There is a limited range of manufacturers of USB chips, and so exploiting all of them isn't too far-fetched.

    Of course not everyone believes BadBios is real, but it is the worst thing which could happen to your computer by plugging in a USB drive.

  • screig

    This is pretty much how the Iranians (?) compromised the entire Department of Defense's classified network. They left a USB stick on the ground in a car park outside a DOD site. Some genius picked it up, took it inside and plugged it in. Modern-day espionage is so boring. I mean, a USB stick in a car park, bring back 007!

    http://www.foreignaffairs.com/articles/66552/william-j-lynn-iii/defending-a-new-domain


  • Related Question

    How to stop any dialog windows from showing when inserting a USB drive in Windows?
  • jasondavis

    1)
    I just found a really interesting program that allows me to use a USB drive as a Windows login key. It is called Rohos Logon Key. If I remove my USB drive/key from the PC then I can have the PC lock or hibernate or any other option. I have been looking for such a solution for many years but never knew one existed until this, and it works much better than I imagined.

    I do have a couple of minor issues though (I'm using Windows 7 Pro). When I remove and then re-insert my USB key, Windows prompts me with this dialog here...

    [image]

    Generally when I get this I just click on "Continue without scanning" however I am looking for a solution to just make it not even show this at all, is it possible to disable it from showing?


    2)

    I also get this dialog as well when I insert USB drives/key...
    [image]

    Would it be possible to not show this as well or have it pick an option by default or anything really?


  • Related Answers
  • Xavierjazz

    If you follow the instruction at the bottom of your 2nd graphic, you should be able to do at least some of what you want.