It seems that folks are being infected when plugging in new devices. Be careful with that Xmas gift, it may corrupt your sys.
Ref: http://isc.sans.org/diary.html?storyid=3787
Ref: http://isc.sans.org/diary.html?storyid=3807
Ref: http://isc.sans.org/diary.html?storyid=3817
Ref: http://www.securityfocus.com/news/11499
Here's another example: http://www.viruslist.com/en/weblog?weblogid=208187475
My comment from another thread on the same subject:
Some have suggested turning off the 'autorun/autoplay' feature in Windows, which really is a good idea regardless of this prob. However, like your sandbox query, I don't believe that to be satisfactory security and here is an excerpt from a MS TechNet article that explains exactly why:
Quote: Many USB controllers are actually Direct Memory Access (DMA) devices. This means they can bypass the operating system and directly read and write memory on the computer. Bypass the OS and you bypass the security controls it provides—now you have complete and unfettered access to the hardware. This renders device control implemented by the OS completely ineffective.
Ref: http://www.microsoft.com/technet/technetmag/issues/2008/01/SecurityWatch/default.aspx