eWeek Security Watch
May 20, 2009 6:33 PM

New Computer Comes with Side Order of Malware



Sometimes when you buy a computer you get more than you bargained for. Such was the case when Kaspersky Lab purchased an M&A Companion Touch netbook.

Bundled along with the device were three pieces of malware--Worm.Win32.AutoRun.aayn, Rootkit.Win32.Agent.hwq and Packed.Win32.Krap.g. After some analysis, researchers concluded the files had been present since February, long before the security company bought the netbook.

"What I managed to track back by looking at restore points the oldest appearance of the malware on the system was in a restore point that was created when some drivers were installed," said Roel Schouwenberg, senior anti-virus researcher at Kaspersky. "I therefore assume that because netbooks don't have optical drives, a USB stick was used to get the drivers onto the machine."

Kaspersky officials purchased the machine to run compatibility tests for their security software. What they got in addition was surprising--but not unheard of.

"What we normally see is that devices such as MP3 players are infected with 'AutoRun' malware," Schouwenberg said. "They get infected by infected testing machines at the factories. To see this kind of situation where the actual OS is infected is quite rare."

The only other example that springs to mind is when ASUS delivered an install CD a couple of months ago with one of its products with a backdoor Trojan in tow, he added. But in a number of cases, the infection may never get traced back to the new device.

"A lot of it is just pirated [hardware] and software, like phony Cisco routers, but increasingly--as the U.S. isn't the center of the IT supply chain anymore--malware or built-in dangerous add-ons are becoming an issue," Gartner analyst John Pescatore said. "Back when Microsoft coders would build Easter eggs into Excel, it seemed cute, but when it happens in IT coming from China, it's not so funny anymore."

This time, the situation was hardly dire--the malware in question is designed to steal passwords for online games such as Lord of the Rings. The implications, however, are clear: You can't always trust that new equals safe. Perform an offline scan with an up-to-date security solution to be sure.


Comments (4)

Fritz :

Back in 1998 we purchased new computers from Gateway and I was installing them and our antivirus software detected a virus on Gateway's install CD. I checked several other Gateway CDs and all of them were infected.
I called Gateway tech support and their tech admitted that they knew about the anti-cmos virus but had no plans on replacing the CDs that were shipped with the new computers. I asked for a replacement CD set and they said the charge was 35.00 and they had to receive our infected CDs before a new set would be shipped.
Recently I used a floppy from that company that I had kept when I left and it still had the anti-cmos virus infected program on the floppy. Ask me if I recommend anybody to purchase Gateway computers after that.

All our netbooks are entirely clean. But then they run Ubuntu when shipped and Kubuntu about 5 minutes after we get them!

Nik :

Kubuntu must die!!! ^)

Mike :

Wait a minute....malware being installed on the mp3 players at the factory? In mass quantities? I cannot even imagine the logistics behind an attack like that. Perhaps some angry programmer could do it, however. Just slip a little bug in the onboard software..yikes...If new, out of the box HARDware is not safe, what the heck is?
