Malware Found On Brand-New Windows Netbook

An anonymous reader alerts us to an interesting development that Kaspersky Labs stumbled across. They purchased a new M&A Companion Touch netbook in order to test a new anti-virus product targeted at the netbook segment, and discovered three pieces of malware on the factory-sealed netbook. A little sleuthing turned up the likely infection scenario — at the factory, someone was updating Intel drivers using a USB flash drive that was infected with a variant of the AutoRun worm. "Installed along with the worm was a rootkit and a password stealer that harvests log-in credentials for online games such as World of Warcraft. ... To ensure that a new PC is malware-free, [Kaspersky] recommended that before users connect the machine to the Internet, they install security software, update it by retrieving the latest definition file on another computer, and transferring that update to the new system, then running a full antivirus scan."

  1. Ha ha. by yourassOA · · Score: 5, Insightful

    Doesn't seem like an accident.

    1. Re:Ha ha. by SanityInAnarchy · · Score: 3, Insightful

      Yeah, because if they weren't pre-installed, the OS DVD would be so much safer...

      Right...

      If the manufacturer is compromised, you're boned either way.

      --
      Don't thank God, thank a doctor!
  2. Pffft by BobReturns · · Score: 3, Insightful

    Yes, because any average Joe user is capable of utilising that 'solution'.

    1. Re:Pffft by EsbenMoseHansen · · Score: 2, Insightful

      The first thing I did with my laptop was to reinstall Vista with the DVD that came with it. Is there a way to get malware from there or the driver disk?

      Replace "Vista" with Ubuntu/Red Hat/SuSE/Debian and you should be fine :P More seriously, why hasn't Microsoft made a package manager+repositories yet? It is absurd that people and companies have to verify that drivers and (basic) applications are clean. The problem is a problem that already has a proven solution: signed packages from a large repository. Signed to guard against tampering after the repository. Large, so that any foul play is discovered quickly. Heck, I'm sure that you could port apt+dpkg or rpm to windows and be down with it :)

      --
      Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.
  3. Right..... by phantomfive · · Score: 5, Insightful

    To ensure that a new PC is malware-free, [Kaspersky] recommended that before users connect the machine to the Internet, they install security software, update it by retrieving the latest definition file on another computer, and transferring that update to the new system, then running a full antivirus scan

    And people say Linux is user unfriendly? I never use Windows to visit banking/credit card/money websites, and I advise all my friends to do the same.

    --
    Qxe4
    1. Re:Right..... by phantomfive · · Score: 4, Insightful

      The only reason it's always that way is due to the fact it would be almost useless for an attacker to target linux ......

      It's not the only reason. The obvious counter-example is IIS vs Apache, where IIS has gotten owned more than Apache, despite Apache's vastly greater marketshare.

      Personally I'm looking forward to a world that is 30% OSX, 30% Linux, and 30% Windows. Not only will there be more software available for the OS of my choice, but also it will be harder for malware to spread. Look, in this case if the manufacturers hadn't been using Windows to download the drivers in the factory, the virus wouldn't have spread to the new computer. Monoculture is bad for many reasons.

      --
      Qxe4
    2. Re:Right..... by iamhigh · · Score: 2, Insightful

      It's not the only reason. The obvious counter-example is IIS vs Apache, where IIS has gotten owned more than Apache, despite Apache's vastly greater marketshare.

      Start with IIS 6 and that isn't really true anymore. It is widely accepted by those without a bias that IIS 6 is as good as equivalent Apache releases (when properly configured, of course).

      Do you really think having to write software on 3 different systems will result in less malware? Do you think companies will double the development staff to accommodate the differences in systems? I think a 33/33/33 split would make software companies have to support more variances, but probably not do any as well as they do now. And yes, if you get that split, and the split is equally distributed among the different levels of technical ability, you would start to see malware for Linux and OSX; do you really think a Windows user that just "clicks thru" wouldn't do the same on Linux (or type sudo first or whatever the equivalent is on OSX)?

      --
      No comprende? Let me type that a little slower for you...
    3. Re:Right..... by sphealey · · Score: 4, Insightful

      > Do you really think having to write software on 3 different
      > systems will result in less malware?

      Do you really think that monocrop agriculture could destroy an entire civilization? Oh wait...

      And when NASA attempted to build the ultimate fail-safe computer system for the Shuttle do you really think they wasted their money having 1 of the 5 CPUs built, designed, and programmed by an entirely separate organization than the primary contractor and prohibiting the two design groups from communicating with one another? Oh wait...

      sPh

    4. Re:Right..... by hairyfeet · · Score: 2, Insightful

      Don't you worry, Linux user! I'm sure if the day comes that you manage to get Velma (I needed to move the machine, so I just yanked and now there are wires hanging out. Is that bad?) and all her little friends moved over from Windows, your friends at the Russian Business Network will be able to design new and easy to use Linux viruses that Velma and all her friends can use to turn Linux into a virus laden hunk of malware.

      It is inevitable due to the fact of a strange phenomenon that goes by the weird name of PEBKAC, or the alternate name of ID10T error. This is why putting an occasional Velma (God I hope she ain't as bad as the real Velma) like your wife on Linux is safe. She is safe because she not only has you there as tech support to do all the nasty CLI stuff that may come up, but also because your friends at the Russian Business Network and their associates in Nigeria and China know that there are about 100,000 Velmas on Windows out there for every possible tuxVelma. After all, as of 2006 Windows XP had over 400 million users, and guys like me are releasing even more on new machines being built every day.

      So be glad you have your wife on Linux. I bet that means you have very few occasions to use this face which guys like me pretty much have permanently attached. BTW the Velma story was completely true. That is why Linux won't be safe from the Velmas of the world. Because it doesn't matter how many times you warn her, if Velma thinks something is from her bff Kim(who is one of those chain letter sending, click on anything you email her types) then she will ignore you and keep right on going. A classic case of The Dancing Bunnies problem, which you see way too often in the Windows world.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  4. Who watches the... by yerktoader · · Score: 5, Insightful

    But trusting another computer depends on knowing it's clean of malware. I'd think it a better bet for Kaspersky to offer bootable thumb drives with a slim OS and their software, allowing users to scan any machine with a known good device.

  5. Press Release: Stunt number 43242 by JK_Huysmans · · Score: 4, Insightful

    Oh, how I love Kaspersky's constant press releases.

    "OMG Virus! Buy our product!"

    All they seem capable of for marketing is different stunts related to finding viruses in weird places. Come on. Seriously.

    1. Re:Press Release: Stunt number 43242 by Ilgaz · · Score: 3, Insightful

      As I don't use Windows, AV company security blogs tell me a lot about the security scene after I filter the PR.

      Also Kaspersky never says "buy our product", they don't need such stupid stunts. A person who buys one of those cheapo TW netbooks likely won't be able to afford their product either. They say "a security product" without mentioning any brand while they have the right to advertise their own.

      Once upon a time, computer vendors (including Taiwanese) were decent enough to run a god damn antivirus (standard was 3 of them) before shipping the computer. I guess they are targeting old timers reminding them it is not the case anymore.

  6. But not with a thumb drive! by TinBromide · · Score: 2, Insightful

    they install security software, update it by retrieving the latest definition file on another computer, and transferring that update to the new system, then running a full antivirus scan.

    Just be sure to scan the thumb drive so you're not infecting it!

    --
    Is it sad that I am more likely to recognize you and your posts by your sig than your name or UID?
  7. Re:Or... by yerktoader · · Score: 5, Insightful

    You know, I always thought it would be a good idea to ship PCs without the OS loaded. If the end user had to set up the OS it would force them to learn the basics... But that's why I'm an ex-tech support asshole I guess.

  8. manual driver installs? by Timberfox · · Score: 1, Insightful

    I would figure that a company who produces that many computers would be imaging each hard drive from some master or something, not haphazardly using a random virus filled thumb drive.

  9. False sense of security by Len · · Score: 4, Insightful

    Devices with any OS can come with malware. Even iPods and picture frames have been shipped with malware pre-installed. There's nothing magic about Linux, other than its ability to suppress the geek skepticism reflex.

    1. Re:False sense of security by Sir_Lewk · · Score: 4, Insightful

      The main difference is the vast difference in security practices between the two platforms. The only reason malware on iPods and photo frames is dangerous is because Windows by default thinks that it's clever to auto-execute code off of external devices.

      --
      "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
    2. Re:False sense of security by LaskoVortex · · Score: 1, Insightful

      Huh? He's given two. Or do you mean a reference to the suppression of the geek skepticism reflex?

      You are pretending to be dumb. But, in case you aren't: Yes. The parent post grouped Linux in with picture frames in terms of vulnerability but didn't give a reference specific to Linux. That's like saying that your favorite operating system sucks and giving examples of two *other* shitty operating systems as evidence. Actually, that's not like what he did. That is what he did.

      --
      Just callin' it like I see it.
    3. Re:False sense of security by icannotthinkofaname · · Score: 3, Insightful

      And then it would be "News for nerds," instead of, "Microsoft bashing session for nerds."

      --
      Let q be a radix > 1. I am in ur base-q, killing 10 d00ds.
  10. Re:They really hand-install drivers? by msobkow · · Score: 2, Insightful

    You're right about using drive images. However, when I was responsible for rolling out lease-return machines, we were re-imaging the systems from install CDs, rather than using "hard drive arrays." It's far easier to pop an auto-installing CD into the tray than it is to remove the hard drive, install it in an array, re-image it, then re-install it back into the PC.

    It's not a very painful process -- about all you had to do was click "Ok" after the imaging CD booted and asked you if you were sure you wanted to re-image the machine.

    Then again, IBM has always had some pretty slick install/imaging utilities for their machines.

    --
    I do not fail; I succeed at finding out what does not work.
  11. Re:Moot issue? by Anonymous Coward · · Score: 1, Insightful

    Not necessarily. WOW itself takes up less than 12 GB on my system. I can easily get a USB jumpdrive larger than that, or even a HDD.

    Beyond that, people do visit Blizzard's website to access their account, for various reasons.

  12. Re:Remind me again by koiransuklaa · · Score: 2, Insightful

    On a back up USB drive to run a script to back up the host automatically.

    Why on earth would that be a function of the USB drive and not something running on the machine -- unless your intention is to 'backup' your friends' machines or something -- in other words, why wouldn't you implement that as a script on the machine that runs when specific USB devices are connected to the machine?

    Your idea just sounds like you're seeing nails because of the hammer in your hand...

    Many more reasons.

    Let's hear them, please.

  13. Re:Remind me again by dgatwood · · Score: 4, Insightful

    No, AutoRun should not exist. You can't create a warning that scares people into clicking "no". If you try that, the first thing the customers do is call your support line asking why their copy of [Insert expensive software package here] contains a virus when it is really just set to automatically run their installer. Then, the only valid use of AutoRun becomes a black mark for software vendors and they stop using it, making it a completely useless technology.

    The only possible way to make AutoRun be usable without being a gaping security hole is to require that all AutoRun software be signed using a signing key distributed by the OS vendor. Unfortunately, that could be a slippery slope to requiring all apps be signed (at significant cost), which would be a giant step backwards for small software vendors, open source, etc. Such a security measure would also have to have been done from the very beginning to avoid the problem of existing apps causing panic attacks in end users.

    The only solution is to kill AutoRun completely. It should not exist. It has no good reason for existing. The only thing it really does is, by its nature, a security hole. Just shut it off already.

    --
    Check out my sci-fi/humor trilogy at PatriotsBooks.
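Taking dgatwood's point that AutoRun should simply be switched off: the PowerShell below (an added example, not code from this thread) audits the two registry values that control AutoRun policy on Windows and can set them to the fully disabled state. The path, value names and meanings are assumed from Microsoft's published AutoRun policy documentation (NoDriveTypeAutoRun = 0xFF disables AutoRun for every drive type; HonorAutorunSetting = 1 makes Windows honour that policy after the KB967715 update).

```powershell
# Added example: audit and harden the Windows AutoRun policy (not from the thread).
# Assumed policy location and values (see lead-in):
#   NoDriveTypeAutoRun  = 0xFF -> AutoRun disabled for all drive types
#   HonorAutorunSetting = 1    -> the policy is actually enforced (KB967715)
$policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Get-AutoRunState {
    # Read both values; $null means the value (or the key) is absent.
    $p = Get-ItemProperty -Path $policy -ErrorAction SilentlyContinue
    [pscustomobject]@{
        NoDriveTypeAutoRun  = if ($p -and $null -ne $p.NoDriveTypeAutoRun)  { $p.NoDriveTypeAutoRun }  else { $null }
        HonorAutorunSetting = if ($p -and $null -ne $p.HonorAutorunSetting) { $p.HonorAutorunSetting } else { $null }
    }
}

function Test-AutoRunDisabled {
    # True only when every drive type is covered AND the policy is honoured.
    $s = Get-AutoRunState
    return ($s.NoDriveTypeAutoRun -eq 0xFF) -and ($s.HonorAutorunSetting -eq 1)
}

function Disable-AutoRun {
    # Writes the fully disabled state; needs an elevated (administrator) prompt.
    if (-not (Test-Path $policy)) { New-Item -Path $policy -Force | Out-Null }
    New-ItemProperty -Path $policy -Name NoDriveTypeAutoRun  -PropertyType DWord -Value 0xFF -Force | Out-Null
    New-ItemProperty -Path $policy -Name HonorAutorunSetting -PropertyType DWord -Value 1    -Force | Out-Null
}

if (Test-AutoRunDisabled) {
    Write-Output 'AutoRun policy: disabled for all drive types.'
} else {
    Write-Output 'AutoRun policy: NOT fully disabled. Current state:'
    Get-AutoRunState | Format-List
    # Uncomment to remediate from an elevated prompt:
    # Disable-AutoRun
}
```

Run the audit first on a known clean machine; a missing key (both values $null) means the OS defaults apply, which on older Windows releases still run AutoRun for removable media.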

  14. Buy our shit, seriously! by billcopc · · Score: 4, Insightful

    Kaspersky releases "news" article about their virus scanner saving the day, while casting doubt on all PC vendors. Solution: Buy our shit!

    I don't care whether it's malware, weapons of mass destruction, or kiddie porn. It's all baseless fear-mongering to push corporate or political influence; in the end it's all just money.

    What they of course fail to highlight is the fact that the solution is neither effective nor guaranteed to work. Kaspersky's scanner, like any scanner, cannot catch all malware, just like Bush couldn't (wouldn't?) catch OBL. Perhaps worse is the high rate of false positives, such as when your virus scanner mistakenly recognizes a Linux ISO as a boot sector virus, or your Republican mistakenly recognizes a Linux hacker as an Islamic terrorist. Bullshit all around!

    --
    -Billco, Fnarg.com
  15. Re:Remind me again by ConceptJunkie · · Score: 2, Insightful

    Despite what a lot of the morons in Slashdot think, Microsoft does listen to people's complaints.

    Yeah, AutoRun and not showing the file extensions by default are two of the most stupid ideas Microsoft ever had, and they have a _lot_ of stupid ideas. Maybe they did listen to complaints, but it took them 15 years to do something about it. Both those features started with Windows 95.

    Personally, I'd prefer to do business with a company that doesn't take 15 years to fix its mistakes.

    --
    You are in a maze of twisty little passages, all alike.
  16. What ought to happen by Animats · · Score: 3, Insightful

    Recall Alert
    U.S. Consumer Product Safety Commission
    Office of Information and Public Affairs
    Washington, DC 20207
    May 23, 2009
    Alert #09-993
    M&A Companion Touch
    The following product safety recall was voluntarily conducted by the firm in cooperation with the CPSC. Consumers should stop using the product immediately unless otherwise instructed.
    Name of Product: "Companion Touch" notebook computer
    Units: About 9,000
    Distributor: M&A

    Hazard: The laptop computer may have pre-installed hostile software (a "virus" or "worm") which could result in the unauthorized transmission of private user data, including bank account numbers and passwords, to a remote site.
    Incidents/Injuries: None reported.

    Remedy: Immediately stop using the device and return it to the point of sale for replacement. If bank account or credit card information has at any time been stored on the device, contact your bank and credit card providers to check for fraud and identity theft.

    If computer security is to be taken seriously, such actions are essential.