Did you know that the simple act of plugging a USB thumb drive into your computer will often run (AutoRun) a program that’s on the drive? So an easy way to compromise computers is to put malicious software on some USB drives and scatter them around on the ground. Quite a few people will pick up such a drive and plug it into their computer to see what’s on it.
The recent Stuxnet worm used USB drives to get inside Iranian power plants and infect their control systems. It was designed to work even if AutoRun had been disabled. Just browsing the drive and opening a folder was sufficient to infect the computer.
This type of attack can be prevented by education. Simply put, be very careful about using a USB drive from an unknown or untrusted source. And if you find it laying on the ground in your company’s parking lot, throw it away (or report it to your computer security personnel if such exist).