Two key takeaways from the article highlight the dangers of (1) plugging your own USB device into another computer that is already infected, or (2) finding and later using a USB device of unknown origin (which might also be infected).

Maybe you know not to plug strange USB drives into your computer, but trends indicate that most people think nothing of it. This is not a new risk. A decade ago, a group of penetration testers—hackers who are paid to break into companies, a la Sneakers—dropped 20 USB sticks around the parking lot of a credit union. Fifteen of them were found by employees, and each of those was eventually plugged into a computer, unwittingly running a program that communicated with a “bad” server.

In a recent and more rigorous experiment, a group of researchers from the University of Illinois Urbana-Champaign, the University of Michigan and Google dropped nearly 300 USB thumb drives around six campus locations and found that at least 45 percent of them were plugged into a computer and perused by the person who found them. While some of the people made an attempt to check the drive for malware—scanning it with antivirus software, for example—very few seemingly understood the risk of using an untrusted USB drive.

USB drives: Untrusted and ubiquitous — “In the current world, there is no advice, except to know the provenance of the USB drive,” Bailey said. “Do not trust, don’t plug or insert untrusted media into your computer.” For anyone tempted by the relative ubiquity of USB drives, this is hard advice to take. Security services provider Verizon, which publishes the annual data breach report, recommends that companies attempt to keep track of when USB drives are used. When the company finds untrusted USB drives, it can test them, said Chris Novak, a director with the firm’s RISK team, a computer investigations group.

Encrypted USB drives offer additional safety — When buying a drive, picking one with hardware encryption is also a good step. More advanced drives do not solve the basic problem of being a vector for malware, but they can protect the data on the drive and prevent firmware-based attacks such as BadUSB, according to Andrew Ewing, Flash Business Unit manager at storage-maker Kingston.

RECOMMENDATION — So, next time someone gives you a free USB drive, return it. If you find one on the ground, turn it in to lost-and-found. Plugging it into your computer is the worst digital hygiene, said Verizon’s Novak. “Think of USB sticks like toothbrushes and then you will not be so quick to pick it up and share it,” he says. (Ew.)