Saturday, November 7, 2009

USB Sticks that Stick it to You

Short Story: Beware the "free" USB memory stick.
Long Geeky Story:
From: David Lesher
Subject: AMEX sends USB trojan keyboards in ads

A fellow user group member reported getting a USB-fob from American Express. When he plugged in to a port, it attempted to send his xterm command line to {the dots were hex digits, it appears.... [and PGN changed x to dot to avoid filtering]} but didn't succeed. [It may be Windows and Mac compatible, but not Linux...]

That address redirects to an Amex URL:

It identified itself on the USB chain as: Bus 003 Device 003: ID 05ac:020b Apple, Inc. Pro Keyboard [Mitsumi, A1048/US layout]

Since it's clearly NOT an Apple Pro Keyboard, one wonders why the manufacturer chose that false identity. The masquerade as a keyboard might also have been to penetrate those machines that do not blindly mount USB storage devices.

Risks: While we now look for incoming malware on the TCP/IP connections, clearly we need to similarly monitor the other ports as well; you can do just as much damage (or more) with an insider keyboard attack, given some social engineering. Is the power line next?
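
One way to watch the USB side on a Linux host, added here as an example that is not part of the original message: compare the current `lsusb` listing against a recorded baseline and report anything extra, marking devices whose description claims to be a keyboard. The function names and the sample listings are assumptions made for illustration; only the `05ac:020b` line comes from the post. `lsusb` derives the description from the ID the device reports, so the name is only as trustworthy as the device.

```python
import re
from collections import Counter

# Format of one `lsusb` line, as quoted in the post above.
LSUSB_RE = re.compile(
    r"^Bus (?P<bus>\d{3}) Device (?P<dev>\d{3}): "
    r"ID (?P<vid>[0-9a-f]{4}):(?P<pid>[0-9a-f]{4})\s*(?P<desc>.*)$"
)

def parse_lsusb(text):
    """Return a list of dicts, one per well-formed lsusb line."""
    devices = []
    for line in text.splitlines():
        m = LSUSB_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["id"] = f"{d['vid']}:{d['pid']}"
            devices.append(d)
    return devices

def unexpected_devices(baseline_text, current_text):
    """Devices present now beyond what the baseline accounts for."""
    # Compare per-ID counts, not sets: a fob that borrows the ID of a
    # keyboard already in the baseline still shows up as one extra.
    allowed = Counter(d["id"] for d in parse_lsusb(baseline_text))
    findings = []
    for d in parse_lsusb(current_text):
        if allowed[d["id"]] > 0:
            allowed[d["id"]] -= 1
            continue
        d["claims_keyboard"] = "keyboard" in d["desc"].lower()
        findings.append(d)
    return findings

# Constructed sample listings; only the 05ac:020b line is from the post.
BASELINE = """\
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 002: ID 046d:c31c Logitech, Inc. Keyboard K120
"""
CURRENT = BASELINE + (
    "Bus 003 Device 003: ID 05ac:020b Apple, Inc. Pro Keyboard "
    "[Mitsumi, A1048/US layout]\n"
)
```

Calling `unexpected_devices(BASELINE, CURRENT)` returns the single fob entry with `claims_keyboard` set; in practice the two arguments would be a saved `lsusb` listing and a fresh one.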