Here's a list of some slashdot articles mentioning malware distributed using USB sticks:
http://it.slashdot.org/story/13/11/0...to-communicate
http://hardware.slashdot.org/story/1...ugh-usb-drives
http://it.slashdot.org/story/11/12/0...-carry-malware
http://linux.slashdot.org/story/11/0...-against-linux
http://it.slashdot.org/story/10/07/1...-windows-scada
http://it.slashdot.org/story/10/07/0...rs-usb-devices
http://yro.slashdot.org/story/13/12/...obbery-of-atms
http://it.slashdot.org/story/12/07/0...in-parking-lot
There are plenty more, but I think that may be enough for now. I think it is pretty clear that USB sticks are a great way to distribute malware. Note that one of the articles even mentions Linux as being the target of one of these malware because of autorun features. Now, I do use Linux, but I don't have any autorun enabled. However, I am still concerned that USB sticks perhaps should be avoided altogether. There are always alternatives to using USB sticks, such as using a network-based data transfer or internet-based file sharing.
My other concern is that flash media contains a lot of inaccessible code running as firmware that a recent article suggests could be used for man-in-the-middle attacks:
http://www.bunniestudios.com/blog/?p=3554
Although the article mentions SD cards, all flash media have microcontrollers embedded in them, and the firmware can be updated by anyone as long as they know how to do it. Here's one example of what can be done by hacking the firmware:
http://blog.gsmarena.com/how-do-you-...ke-them-apart/
I think that USB sticks do pose a threat and I no longer use them. My question is, can using SD cards and a card reader pose a threat ? Say I want to get pictures off a digital camera. I can use gphoto2 or use a card reader, which one is safer ?
