I just read a "mark mail" pointed to by Tim Oreilly from David Farber. We would be totally vulnerable to this type of cyber attack at SJSU:
I've heard a rumor about the way the WORM made it's way into the Pentagon computer network. If true, it was a simple but brilliantly effective method. Someone infected thumb drives with the WORM then dropped them around the Pentagon parking lot. The employees, picked them up, took them into their offices and plugged them into their office computers to determine the owner of the drive.
That is exactly what we do, and were instructed to do, with thumb drives left in the computer lab at the university help desk.