...and when "they(the vectors)" dont have (or knowingly ) no internet connectivity,,????? :bed:

Four things about this. 1) This can be circumvented simply by updating the USB driver to forbid the computer from talking to the USB stick in certain ways 2) You can't run malicious code on a computer if the anti-virus is active and knows about said code, simply talking to the host controller does not change the fact that the data has to pass through the computer somehow 3) Infected USB sticks can be fixed with ease if they can be infected this easily, meaning like above, microsoft/apple etc pushes a patch to the OS where every time a USB Stick is inserted, it checks for the vulnerability, and if its present, fixes it itself. 4.Announcing this to the world, and not keeping it secret while working with computer companies to roll a fix out, is raising all levels of warning flags that this is bullcrap

Did you even read how it's done? Actually firmware of the USB is compromised not files stored, so nothing to scan. You're AV can't scan firmware chips it's impossible. It works by altering firmware of USB controller on your motherboard entirely in hardware, so explain to me how OS would prevent that?

A lot of people aren't getting what's going on. The problem is with the usb hardware communication protocol. This doesn't matter what operating system or device you are using. This is all about the information exchanged from the usb controller in the device to the usb controller in your pc.

@Valagard and others: Do you really believe that your operating system (win/linux/mac) is aware (can be aware) about all those HW level calls/instructions/DMA/...? Yes, there are ways how OS can scan USB drive FW unless it is write only for OS and it is read by its own controller at boot. But no, if such modified device identifies to OS as 2 separate devices OS have no way to identify if it is real or fake device. All USBs can simply share same wires on controller as you can stick USB bub for this very reason on it. USB is made to accept concurrent communications. And there is no way to tell if one device uses 2 different HW IDs, listens and answers to 2 communications at once or you have 2 devices on USB hub. And once you plug in USB device it already works, does what it was programmed to do before OS gets its HW ID and tries to install appropriate drivers so OS can use such device to full extent. And I believe risk from emulation of mouse keyboard are jokes here, that is smallest what can happen. If device and identify itself as PNP0200 (DMA controller) or any other part of chipset? If it could succeed in taking over or sharing role of some parts it would slow affected PC due to low bandwidth of USB but would allow to do a lot more.

So what about fixed function purpose made chips? Oh wait, engineers now just know to code now, that's a shame...

What about the anti-hackable Linux? Linux is said to be "unhacakble" because it requires your password for everything, even uninstalling or installing apps or officially updating from their own repositories. I have Linux Mint 17. Snappier, Beautiful, awesome and With WINE (Used to run Windows Apps without emulation) it's my favorite OS.