Malware Found On Brand-New Windows Netbook

← Back to Stories (view on slashdot.org)

Malware Found On Brand-New Windows Netbook

Posted by kdawson on Saturday May 23, 2009 @09:07AM from the be-careful-out-there dept.

An anonymous reader alerts us to an interesting development that Kaspersky Labs stumbled across. They purchased a new M&A Companion Touch netbook in order to test a new anti-virus product targeted at the netbook segment, and discovered three pieces of malware on the factory-sealed netbook. A little sleuthing turned up the likely infection scenario — at the factory, someone was updating Intel drivers using a USB flash drive that was infected with a variant of the AutoRun worm. "Installed along with the worm was a rootkit and a password stealer that harvests log-in credentials for online games such as World of Warcraft. ... To ensure that a new PC is malware-free, [Kaspersky] recommended that before users connect the machine to the Internet, they install security software, update it by retrieving the latest definition file on another computer, and transferring that update to the new system, then running a full antivirus scan."

16 of 250 comments (clear)

Min score:

Reason:

Sort:

Ha ha. by yourassOA · 2009-05-23 09:12 · Score: 5, Insightful

Doesn't seem like an accident.
1. Re:Ha ha. by SanityInAnarchy · 2009-05-23 11:26 · Score: 3, Insightful
  
  Yeah, because if they weren't pre-installed, the OS DVD would be so much safer...
  Right...
  If the manufacturer is compromised, you're boned either way.
  
  --
  Don't thank God, thank a doctor!
Pffft by BobReturns · 2009-05-23 09:13 · Score: 3, Insightful

Yes, because any average Joe user is capable of utilising that 'solution'.
Right..... by phantomfive · 2009-05-23 09:14 · Score: 5, Insightful

To ensure that a new PC is malware-free, [Kaspersky] recommended that before users connect the machine to the Internet, they install security software, update it by retrieving the latest definition file on another computer, and transferring that update to the new system, then running a full antivirus scan
And people say Linux is user unfriendly? I never use Windows to visit banking/credit card/money websites, and I advise all my friends to do the same.

--
Qxe4
1. Re:Right..... by phantomfive · 2009-05-23 09:25 · Score: 4, Insightful
  
  The only reason it's always that way is due to the fact it would be almost useless for an attacker to target linux ......
  It's not the only reason. The obvious counter-example is IIS vs Apache, where IIS has gotten owned more than Apache, despite Apache's vastly greater marketshare.
  
  Personally I'm looking forward to a world that is 30% OSX, 30% Linux, and 30% Windows. Not only will there be more software available for the OS of my choice, but also it will be harder for malware to spread. Look, in this case if the manufacturers hadn't been using Windows to download the drivers in the factory, the virus wouldn't have spread to the new computer. Monoculture is bad for many reasons.
  
  --
  Qxe4
2. Re:Right..... by sphealey · 2009-05-23 09:56 · Score: 4, Insightful
  
  > Do you really think having to write software on 3 different
  > systems will result in less malware?
  Do you really thing that monocrop agriculture could destroy an entire civilization? Oh wait...
  And when NASA attempted to build the ultimate fail-safe computer system for the Shuttle do you really think they wasted their money having 1 of the 5 CPUs built, designed, and programmed by an entirely separate organization than the primary contractor and prohibiting the two design groups from communicating with one another? Oh wait...
  sPh
Who watches the... by yerktoader · 2009-05-23 09:14 · Score: 5, Insightful

But trusting another computer depends on knowing it's clean of malware. I'd think it a better bet for Kaspersky to offer bootable thumb drives with a slim OS and their software, allowing users to scan any machine with a known good device.
Press Release: Stunt number 43242 by JK_Huysmans · 2009-05-23 09:16 · Score: 4, Insightful

Oh, how I love Kaspersky's constant press releases.

"OMG Virus! Buy our product!"

All they seem capable of for marketing is different stunts related to finding viruses in weird places. Come on. Seriously.
1. Re:Press Release: Stunt number 43242 by Ilgaz · 2009-05-23 09:32 · Score: 3, Insightful
  
  As I don't use Windows, AV company security blogs tells me a lot about the security scene after I filter the PR.
  Also Kaspersky never says ''buy our product'', they don't need such stupid stunts. A person who buys one of those cheapo TW netbooks won't likely afford their product either. They say ''a security product'' without mentioning any brand while they have right to advertise their own.
  Once upon a time, computer vendors (including Taiwanese) were decent enough to run a god damn antivirus (standard was 3 of them) before shipping the computer. I guess they are targeting old timers reminding them it is not the case anymore.
Re:Or... by yerktoader · 2009-05-23 09:17 · Score: 5, Insightful

You know, I always thought it would be a good idea to ship PC's without the OS loaded. If the end user had to set up the OS it would force them to learn the basics...But that's why I'm an ex-tech support asshole I guess.
False sense of security by Len · 2009-05-23 09:50 · Score: 4, Insightful

Devices with any OS can come with malware. Even iPods and picture frames have been shipped with malware pre-installed. There's nothing magic about Linux, other than its ability to suppress the geek skepticism reflex.
1. Re:False sense of security by Sir_Lewk · 2009-05-23 11:13 · Score: 4, Insightful
  
  The main difference is the vast difference in security practices between the two platforms. The only reason malware on ipods and photo frames is dangerous is because windows by default thinks that it's clever to auto-execute code off of external devices.
  
  --
  "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
2. Re:False sense of security by icannotthinkofaname · 2009-05-23 17:39 · Score: 3, Insightful
  
  And then it would be "News for nerds," instead of, "Microsoft bashing session for nerds."
  
  --
  Let q be a radix > 1. I am in ur base-q, killing 10 d00ds.
Re:Remind me again by dgatwood · 2009-05-23 10:26 · Score: 4, Insightful

No, AutoRun should not exist. You can't create a warning that scares people into clicking "no". If you try that, the first thing the customers do is call your support line asking why their copy of [Insert expensive software package here] contains a virus when it is really just set to automatically run their installer. Then, the only valid use of AutoRun becomes a black mark for software vendors and they stop using it, making it a completely useless technology.
The only possible way to make AutoRun be usable without being a gaping security hole is to require that all AutoRun software be signed using a signing key distributed by the OS vendor. Unfortunately, that could be a slippery slope to requiring all apps be signed (at significant cost), which would be a giant step backwards for small software vendors, open source, etc. Such a security measure would also have to have been done from the very beginning to avoid the problem of existing apps causing panic attacks in end users.
The only solution is to kill AutoRun completely. It should not exist. It has no good reason for existing. The only thing it really does is by its nature a security hole. Just shut it off already.

--
Check out my sci-fi/humor trilogy at PatriotsBooks.
Buy our shit, seriously! by billcopc · 2009-05-23 10:29 · Score: 4, Insightful

Kaspersky releases "news" article about their virus scanner saving the day, while casting doubt on all PC vendors. Solution: Buy our shit!
I don't care whether it's malware, weapons of mass destruction, or kiddie porn. It's all baseless fear-mongering to push corporate or political influence, in the end it's all just money.
What they of course fail to highlight is the fact that the solution is neither effective nor guaranteed to work. Kaspersky's scanner, like any scanner, cannot catch all malware, just like Bush couldn't (wouldn't?) catch OBL. Perhaps worse is the high rate of false positives, such as when your virus scanner mistakenly recognizes a Linux ISO as a boot sector virus, or your republican mistakenly recognizes a Linux hacker as an islamic terrorist. Bullshit all around!

--
-Billco, Fnarg.com
What ought to happen by Animats · 2009-05-23 16:31 · Score: 3, Insightful

Recall Alert
U.S. Consumer Product Safety Commission
Office of Information and Public Affairs
Washington, DC 20207
May 23, 2009
Alert #09-993
M&A Companion Touch
The following product safety recall was voluntarily conducted by the firm in cooperation with the CPSC. Consumers should stop using the product immediately unless otherwise instructed.
Name of Product: "Companion Touch" notebook computer
Units: About 9,000
Distributor: M&A

Hazard: The laptop computer may have pre-installed hostile software (a "virus" or "worm") which could result in the unauthorized transmission of private user data, including bank account numbers and passwords, to a remote site.
Incidents/Injuries: None reported.
Remedy: Immediately stop using the device and return it to the point of sale for replacement. If bank account or credit card information has at any time been stored on the device, contact your bank and credit card providers to check for fraud and identity theft.
If computer security is to be taken seriously, such actions are essential.