Malware Found On Brand-New Windows Netbook
An anonymous reader alerts us to an interesting development that Kaspersky Labs stumbled across. They purchased a new M&A Companion Touch netbook in order to test a new anti-virus product targeted at the netbook segment, and discovered three pieces of malware on the factory-sealed netbook. A little sleuthing turned up the likely infection scenario — at the factory, someone was updating Intel drivers using a USB flash drive that was infected with a variant of the AutoRun worm. "Installed along with the worm was a rootkit and a password stealer that harvests log-in credentials for online games such as World of Warcraft. ... To ensure that a new PC is malware-free, [Kaspersky] recommended that before users connect the machine to the Internet, they install security software, update it by retrieving the latest definition file on another computer, and transferring that update to the new system, then running a full antivirus scan."
Doesn't seem like an accident.
Yes, because any average Joe user is capable of utilising that 'solution'.
To ensure that a new PC is malware-free, [Kaspersky] recommended that before users connect the machine to the Internet, they install security software, update it by retrieving the latest definition file on another computer, and transferring that update to the new system, then running a full antivirus scan
And people say Linux is user unfriendly? I never use Windows to visit banking/credit card/money websites, and I advise all my friends to do the same.
Qxe4
But trusting another computer depends on knowing it's clean of malware. I'd think it a better bet for Kaspersky to offer bootable thumb drives with a slim OS and their software, allowing users to scan any machine with a known good device.
You could always reformat the darned thing from scratch using a known-good version of whatever OS you're going to be using.
Honestly, ever since Vista became the de-facto OS shipped with new computers, I've been doing that, anyway.
Kythe
Oh, how I love Kaspersky's constant press releases.
"OMG Virus! Buy our product!"
All they seem capable of for marketing is different stunts related to finding viruses in weird places. Come on. Seriously.
they install security software, update it by retrieving the latest definition file on another computer, and transferring that update to the new system, then running a full antivirus scan.
Just be sure to scan the thumb drive so you're not infecting it!
Is it sad that I am more likely to recognize you and your posts by your sig than your name or UID?
I kind of figured that computer manufacturers had hard drive arrays to clone a pre-made installation. Pull each drive off the rack, put it in the computer, and make sure it boots, then box it.
They're really installing drivers by having some schmuck walk around with a USB stick?
I'm so glad to see this innovative feature finally being boldly embraced by an OEM. Until now, it's been sheer drudgery, waiting the twelve minutes or so it takes to get a new Windows install infected just felt like forEVar!
Caveat Utilitor
Autorun worm, Windows...that's only 2...where is the third malware item?
Wouldn't have happened if they had ordered that netbook with Linux pre-installed!
AutoRun should bring up a prompt, asking if you want to run the software, and remind you that you shouldn't let it run unless you were expecting it and know what it's for. That way, if you have a thumb drive that's not supposed to have anything on it but some driver updates, and the AutoRun prompt shows up, you know something's wrong. It wouldn't be fool-proof, because there are always going to be people who click OK without understanding what's going on, but it probably would have stopped this from happening.
Good, inexpensive web hosting
You repeat yourself.
Devices with any OS can come with malware. Even iPods and picture frames have been shipped with malware pre-installed. There's nothing magic about Linux, other than its ability to suppress the geek skepticism reflex.
Why on earth would that be a function of the USB drive and not of something running on the machine -- unless your intention is to 'backup' your friends' machines or something -- in other words, why wouldn't you implement that as a script on the machine that runs when specific USB devices are connected to the machine?
Your idea just sounds like you're seeing nails because of the hammer in your hand...
Let's hear them, please.
"transferring that update to the new system, then running a full antivirus scan."
I guess I've been out of the Microsoft ecosystem for a long, long time... is it now common practice to run AV scans in a probably compromised environment? Or are malware authors so lazy these days that they can't even bother to write code which breaks any installed AV software?
c.
Log in or piss off.
so I am returning mine. Why do THEY get all the good stuff?? You mean I have to go ONLINE and download this 'malware' myself?? And they get 3 out of the box!
DON'T even THINK about making me pay for shipping the return!!
WARNING: Smartphones have side effects--most of them undocumented.
No, AutoRun should not exist. You can't create a warning that scares people into clicking "no". If you try that, the first thing the customers do is call your support line asking why their copy of [Insert expensive software package here] contains a virus when it is really just set to automatically run their installer. Then, the only valid use of AutoRun becomes a black mark for software vendors and they stop using it, making it a completely useless technology.
The only possible way to make AutoRun be usable without being a gaping security hole is to require that all AutoRun software be signed using a signing key distributed by the OS vendor. Unfortunately, that could be a slippery slope to requiring all apps be signed (at significant cost), which would be a giant step backwards for small software vendors, open source, etc. Such a security measure would also have to have been done from the very beginning to avoid the problem of existing apps causing panic attacks in end users.
The only solution is to kill AutoRun completely. It should not exist. It has no good reason for existing. The only thing it really does is by its nature a security hole. Just shut it off already.
Check out my sci-fi/humor trilogy at PatriotsBooks.
Kaspersky releases "news" article about their virus scanner saving the day, while casting doubt on all PC vendors. Solution: Buy our shit!
I don't care whether it's malware, weapons of mass destruction, or kiddie porn. It's all baseless fear-mongering to push corporate or political influence, in the end it's all just money.
What they of course fail to highlight is the fact that the solution is neither effective nor guaranteed to work. Kaspersky's scanner, like any scanner, cannot catch all malware, just like Bush couldn't (wouldn't?) catch OBL. Perhaps worse is the high rate of false positives, such as when your virus scanner mistakenly recognizes a Linux ISO as a boot sector virus, or your republican mistakenly recognizes a Linux hacker as an islamic terrorist. Bullshit all around!
-Billco, Fnarg.com
And as a PC repairman I can say that autorun isn't even in the top 5 of ways an average Windows machine that crosses my desk gets boned. Hell, I wouldn't even put it in the top ten. Maybe somewhere in the top twenty. The number 1, 2 and 3 are: 1-Hot_Lesbos.mpg.exe, 2-Lame_pop_song.mp3.exe, 3-here are those pics I promised! (unsolicited email attachment from friend with password protected zip file).
Honestly the guy that put "do not show file extensions for known file types" as the default should have gotten a really good firing. That and the fact that on 95-XP if you choose to uncheck the "do not show file extensions" checkbox and hit rename, explorer automatically will pick the ENTIRE file, including the extension. Which means if you let them see the extension you end up with a bunch of files renamed with no file extension that the user then has no clue what to do with or how to open. That was just some really stupid UI design.
Oh and for the PC repair guys out there that are having to wipe and reinstall Windows a lot, or like me build a lot of new XP machines, I would recommend Almeza Multiset to make your life a whole lot easier. I have a lot of programs like Oxygen Office and Klite Mega Codec Pack that I give my customers so when they get the box they can just flip the switch and go. With Almeza I only have to install and configure a program once and Almeza will make a nice unattended install CD with whatever programs I choose set the way I want them, be it FF3 with ABP, OO.o, whatever. All I do is pick "install all" and go have a smoke and when I return she is ready to go. I am not connected with the company in any way, it is just the best $39.99 I've spent when it comes to having to work on Windows.
ACs don't waste your time replying, your posts are never seen by me.
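An added example, not part of the comment above: a check for the double-extension names that comment lists, reporting what Explorer would display when "do not show file extensions for known file types" is on. The two extension sets are short illustrative assumptions, and every file name except Lame_pop_song.mp3.exe is constructed.

```python
import ntpath

# Assumption: short illustrative lists, not everything Windows treats as executable.
EXECUTABLE = {".exe", ".scr", ".com", ".bat", ".cmd"}
DECOY = {".mp3", ".mpg", ".avi", ".jpg", ".png", ".pdf", ".doc", ".txt", ".zip"}

def masquerades(path):
    """Return details if the file is executable but displays as media or a document."""
    name = ntpath.basename(path)                # handles C:\...\file paths
    shown, real_ext = ntpath.splitext(name)     # 'shown' is what the user sees
    if real_ext.lower() not in EXECUTABLE:
        return None
    _, decoy_ext = ntpath.splitext(shown)
    if decoy_ext.lower() not in DECOY:
        return None                             # plain setup.exe is not a disguise
    return {"shown_as": shown,
            "looks_like": decoy_ext.lower(),
            "real_type": real_ext.lower()}

def scan(paths):
    """Map each suspicious path to its finding; clean names are omitted."""
    return {p: f for p in paths if (f := masquerades(p)) is not None}

# Constructed listing of a downloads folder.
LISTING = [
    "Lame_pop_song.mp3.exe",
    "setup.exe",
    "notes.txt",
    r"D:\pics\Holiday.JPG.SCR",
    "archive.tar.gz",
]

if __name__ == "__main__":
    for path, finding in scan(LISTING).items():
        print(f"{path}: shown as {finding['shown_as']!r}, runs as {finding['real_type']}")
```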
Autorun came from "put in the CD, the game starts." This was introduced before there was the possibility of recordable CD-R discs so it was utterly safe, until malware folks started producing CD-ROMs by the 1,000s.
Extending it to USB devices is problematic. Anything that can be written to by a user can then be used to corrupt other machines, assuming that some users have blackness in their hearts. That pretty much means that for CDs it isn't safe anymore either.
They have, in Windows 7.
Despite what a lot of the morons in Slashdot think, Microsoft does listen to people's complaints.
Self inserts Fallout3 disk into Win7 PC. Autorun brings up dialog box. Nope still there.
Despite what a lot of the morons in Slashdot think, Microsoft does listen to people's complaints.
Yeah, AutoRun and not showing the file extensions by default are two of the most stupid ideas Microsoft ever had, and they have a _lot_ of stupid ideas. Maybe they did listen to complaints, but it took them 15 years to do something about it. Both those features started with Windows 95.
Personally, I'd prefer to do business with a company that doesn't take 15 years to fix its mistakes.
You are in a maze of twisty little passages, all alike.
Recall Alert
U.S. Consumer Product Safety Commission
Office of Information and Public Affairs
Washington, DC 20207
May 23, 2009
Alert #09-993
M&A Companion Touch
The following product safety recall was voluntarily conducted by the firm in cooperation with the CPSC. Consumers should stop using the product immediately unless otherwise instructed.
Name of Product: "Companion Touch" notebook computer
Units: About 9,000
Distributor: M&A
Hazard: The laptop computer may have pre-installed hostile software (a "virus" or "worm") which could result in the unauthorized transmission of private user data, including bank account numbers and passwords, to a remote site.
Incidents/Injuries: None reported.
Remedy: Immediately stop using the device and return it to the point of sale for replacement. If bank account or credit card information has at any time been stored on the device, contact your bank and credit card providers to check for fraud and identity theft.
If computer security is to be taken seriously, such actions are essential.
You're getting confused with Autoplay; they're not actually the same thing.
Autoplay is what brings up the dialog box based on the contents of the media.
Autorun is the method by which the autorun.inf file on the media is executed automatically.
You could normally disable autoplay easily, but autorun.inf files would still run. That doesn't happen anymore.