Because it affects the firmware of the USB's microcontroller, that attack program would be stored in the rewritable code that controls the USB's basic functions, not in its flash memory -- even deleting the entire contents of its storage wouldn't catch the malware. [...]
The kind of compromise they're demonstrating is nearly impossible to counter without banning the sharing of USB devices or filling your port with superglue. "These problems can't be patched," says Nohl. "We're exploiting the very way that USB is designed."
Because it sounds pretty bad.