Slashdot Mirror


Malware Found On Brand-New Windows Netbook

An anonymous reader alerts us to an interesting development that Kaspersky Labs stumbled across. They purchased a new M&A Companion Touch netbook in order to test a new anti-virus product targeted at the netbook segment, and discovered three pieces of malware on the factory-sealed netbook. A little sleuthing turned up the likely infection scenario — at the factory, someone was updating Intel drivers using a USB flash drive that was infected with a variant of the AutoRun worm. "Installed along with the worm was a rootkit and a password stealer that harvests log-in credentials for online games such as World of Warcraft. ... To ensure that a new PC is malware-free, [Kaspersky] recommended that before users connect the machine to the Internet, they install security software, update it by retrieving the latest definition file on another computer, and transferring that update to the new system, then running a full antivirus scan."

23 of 250 comments

  1. Ha ha. by yourassOA · · Score: 5, Insightful

    Doesn't seem like an accident.

    1. Re:Ha ha. by Runaway1956 · · Score: 4, Informative

      Nor is it really news. The wife bought a Compaq some years ago. I cleaned it of malware, then in a few days, she complained of more. Did a "restore" from the restore partition. Malware restored itself along with the Windows OS. Imagine that....... OEMs are PAID to install crapware, and they are only too happy to accept the money.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  2. Right..... by phantomfive · · Score: 5, Insightful

    > To ensure that a new PC is malware-free, [Kaspersky] recommended that before users connect the machine to the Internet, they install security software, update it by retrieving the latest definition file on another computer, and transferring that update to the new system, then running a full antivirus scan

    And people say Linux is user unfriendly? I never use Windows to visit banking/credit card/money websites, and I advise all my friends to do the same.

    --
    Qxe4
    1. Re:Right..... by phantomfive · · Score: 4, Insightful

      > The only reason it's always that way is due to the fact it would be almost useless for an attacker to target linux ......

      It's not the only reason. The obvious counter-example is IIS vs Apache, where IIS has gotten owned more than Apache, despite Apache's vastly greater marketshare.

      Personally I'm looking forward to a world that is 30% OSX, 30% Linux, and 30% Windows. Not only will there be more software available for the OS of my choice, but also it will be harder for malware to spread. Look, in this case if the manufacturers hadn't been using Windows to download the drivers in the factory, the virus wouldn't have spread to the new computer. Monoculture is bad for many reasons.

      --
      Qxe4
    2. Re:Right..... by phantomfive · · Score: 4, Informative

      > Start with IIS 6 and that isn't really true anymore. It is widely accepted by those without a bias that IIS 6 is as good as equivalent Apache releases (when properly configured, of course).

      That's irrelevant to the point I was making though, which is that popularity is not the only thing that matters where security is concerned.

      > Do you really think having to write software on 3 different systems will result in less malware? Do you think companies will double the development staff to accommodate the differences in systems? I think a 33/33/33 split would make software companies have to support more variances, but probably not do any as well as they do now.

      This is an interesting point, but in the old days, software companies supported Commodore, Apple, IBM, Atari, etc. The reality of the situation is that for most big software companies, the number of programmers they have is only vaguely related to the income they generate from their software. A single programmer can write code that generates millions of dollars if you can get people to pay for it. So most companies are going to do a cost/benefit analysis: is it worth it to port my software to X system? If there are millions of users on that system, the answer is probably yes. Most major software already runs on both Macintosh and Windows, and OSX only has about 10% of the marketshare. I see no reason they wouldn't write for all three systems in many cases (although I admit I would be happy to leave Windows out, since it's relatively a pain to write for).

      > do you really think a Windows user that has just "clicks thru" wouldn't do the same on Linux (or type sudo first or whatever the equivalent is on OSX)?

      This is a good question, and you are probably right, but the security model in OSX is a lot more clear, so it would be easier to teach users, "If you have to type in your password, something bad might happen!" On OSX application installation is just a matter of drag and drop, normally there is no need to type in your password, so if you do have to, then you really need to think about what you're doing.

      --
      Qxe4
    3. Re:Right..... by sphealey · · Score: 4, Insightful

      > Do you really think having to write software on 3 different
      > systems will result in less malware?

      Do you really think that monocrop agriculture could destroy an entire civilization? Oh wait...

      And when NASA attempted to build the ultimate fail-safe computer system for the Shuttle do you really think they wasted their money having 1 of the 5 CPUs built, designed, and programmed by an entirely separate organization than the primary contractor and prohibiting the two design groups from communicating with one another? Oh wait...

      sPh

    4. Re:Right..... by hairyfeet · · Score: 5, Funny

      Uuuhhhhh....I really hate to burst your reality bubble there, bud, but there is a reason why all the Linux servers aren't getting pwned and the Windows desktops are. It is because they have these things called server admins and they are usually pretty damned smart. They are also really anal retentive when it comes to anything security related. With good reason, after all they are getting paid the big bucks to be. Meet Glenn. Say hi Glenn (I'm busy, go away) not a very social creature, Glenn is a Linux server admin. He spends most of his time on security websites and learning about the latest nasty when he isn't testing a new tweak on the test server to see if he can get an extra .05% performance under load. In his free time he enjoys black hat conferences, which his employer is happy to pay him to attend.

      Now we are going to meet an average Windows desktop user. Meet Velma. Say hi Velma (Hi Y'all!) Isn't she sweet? Little Velma works at the local insurance agency. They love her there because she can take one look at a customer and without looking up a shred of paperwork say something like this "Hi Bob! How's your oldest girl? You know she's about ready to get her learner's permit so I've already looked up the most affordable coverage for her. Does she have really good grades? She can get an extra discount if she does" and so on. Little Velma is really good at generating sales. She is sweet and friendly and always knows your name and remembers all about your family. Everybody loves little Velma.

      /cue ominous music......But we here in the PC business have a nickname for little Velma, one that she don't know about but is well earned it is....the disaster area! Dum dum dum! That is because little Velma is the trusting kind of sort, and on a computer that equals danger. Let's watch as little Velma interacts with her friendly neighborhood PC repairman, a big but lovable biker looking chap known on the net as hairyfeet.../feet/Now Velma, we have talked about this. you shouldn't mess with email attachments, I don't care who they are from. And if it is a .zip that you have to put a password to open it is a virus and you shouldn't touch it! /Velma/ But my bff Kim sent me this! See there is her name and everything! I'm sure it will be safe! /feet/Velma look, it is an executable and NOT happy puppy pictures! Do NOT run that! /Velma/ Oh, you worry too much. My bff Kim wouldn't send me anything bad. (inputs password, runs .exe, porn popups start flooding the screen while the network gets pounded) ooops. /feet/ .......

      And now you have seen an actual demonstration of why Linux is safe on servers. It is safe on servers because it is administered by guys like Glenn, say goodbye Glenn (I'm busy!) and does NOT have any Velma types mucking it up. Say goodbye Velma (Bye Y'all!). If you were to let Velma and all her friends loose on Linux if they didn't break them immediately they would become spambots in no time. It is because the malware writers have already figured out how to use a sinister concept called social engineering to target Velma and her types VERY effectively. Glenn isn't very social (Bite Me!) and is a naturally cynical creature and therefore social engineering really isn't an effective tool on his type. This is why Linux can enjoy the freedom to operate on so many servers across America without the constant malware like poor Velma gets. Tune in next week when we meet Bob, the Windows network admin, also known as the "where the hell is the damned disk?" guy.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    5. Re:Right..... by JSG · · Score: 5, Interesting

      Mr hairyfeet - thank you for reminding me why I have been reading /. for the last GKHL.

      That is a beautifully pitched diatribe with a good measure of sarcasm and humour, mixed in with a few typographical conventions that I don't really understand but could make an educated guess at.

      However, there are an awful lot of Linux (and *BSD et al) systems that are being put in the hands of Tuxvelma. You see, like it or not we Linux admins are not the only folk who access these things or even (shock, horror) actually own them.

      My wife is not exactly the most technologically sharp person but she insists (after a bit of a demo) on FF for her browser.

      Also, after Vista went a bit wonky on her identical to mine laptop, she asked me to put whatever I was running on it. So (1 year) now (5 months) we (20 days) have another Gentoo user - belting!

      Incidentally I'm an MCSE as well (crap). Oh and an NCP and an LCP and a complete and utter nerd. I'm also an MD. Nerd or MD - I'm not sure which I prefer most.

    6. Re:Right..... by phantomfive · · Score: 4, Informative

      You haven't thought this through. It's pretty well accepted that a monoculture is bad for computer security. If you would like to discuss the issue, then I suggest you inform yourself on the research and arguments in the topic, and then you will be much better informed to make an insightful comment. Then we can talk.

      --
      Qxe4
    7. Re:Right..... by TheP4st · · Score: 4, Funny

      You insensitive clod, I am a 40 year old virgin and moved out of the basement a year ago!

      --
      "I have downloaded hundreds and hundreds of records, why would I care if somebody downloads ours?" Robin Pecknold
  3. Who watches the... by yerktoader · · Score: 5, Insightful

    But trusting another computer depends on knowing it's clean of malware. I'd think it a better bet for Kaspersky to offer bootable thumb drives with a slim OS and their software, allowing users to scan any machine with a known good device.

  4. Or... by Kythe · · Score: 5, Informative

    You could always reformat the darned thing from scratch using a known-good version of whatever OS you're going to be using.

    Honestly, ever since Vista became the de-facto OS shipped with new computers, I've been doing that, anyway.

    --

    Kythe
    1. Re:Or... by yerktoader · · Score: 5, Insightful

      You know, I always thought it would be a good idea to ship PCs without the OS loaded. If the end user had to set up the OS it would force them to learn the basics...But that's why I'm an ex-tech support asshole I guess.

  5. Press Release: Stunt number 43242 by JK_Huysmans · · Score: 4, Insightful

    Oh, how I love Kaspersky's constant press releases.

    "OMG Virus! Buy our product!"

    All they seem capable of for marketing is different stunts related to finding viruses in weird places. Come on. Seriously.

  6. They really hand-install drivers? by Anonymous Coward · · Score: 5, Interesting

    I kind of figured that computer manufacturers had hard drive arrays to clone a pre-made installation. Pull each drive off the rack, put it in the computer, and make sure it boots, then box it.

    They're really installing drivers by having some schmuck walk around with a USB stick?

  7. Convenience! by clang_jangle · · Score: 5, Funny

    I'm so glad to see this innovative feature finally being boldly embraced by an OEM. Until now, it's been sheer drudgery, waiting the twelve minutes or so it takes to get a new Windows install infected just felt like forEVar!

    --
    Caveat Utilitor
  8. 3? by Anonymous Coward · · Score: 5, Funny

    Autorun worm, Windows...that's only 2...where is the third malware item?

  9. False sense of security by Len · · Score: 4, Insightful

    Devices with any OS can come with malware. Even iPods and picture frames have been shipped with malware pre-installed. There's nothing magic about Linux, other than its ability to suppress the geek skepticism reflex.

    1. Re:False sense of security by Sir_Lewk · · Score: 4, Insightful

      The main difference is the vast difference in security practices between the two platforms. The only reason malware on iPods and photo frames is dangerous is because Windows by default thinks that it's clever to auto-execute code off of external devices.

      --
      "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
  10. I didn't get any malware by Provocateur · · Score: 4, Funny

    so I am returning mine. Why do THEY get all the good stuff?? You mean I have to go ONLINE and download this 'malware' myself?? And they get 3 out of the box!

    DON'T even THINK about making me pay for shipping the return!!

    --
    WARNING: Smartphones have side effects--most of them undocumented.
  11. Re:Pffft by Bigjeff5 · · Score: 5, Informative

    First, the autorun worm was absurdly difficult to remove. The larger the organization the more likely it is to stick around.

    Second, have you ever built a corporate or OEM OS image before? Using a USB drive to install drivers is not only likely, it's practical.

    The way modern mass-images work is as follows: you have your technician machine, upon which you build the custom tools to incorporate into the image - this would be scripting software packages, customizing settings, etc. Then you have your build machine - this is a clean machine with a fresh OS install on it. You then customize that machine exactly the way you want it, installing custom packages, add all the drivers for all the machines in your product lineup (be sure to include a script to remove the unneeded drivers post-sysprep!), and reseal it to OEM spec with sysprep (which calls any necessary post-build scripts).

    Now, you test, test, test, and test to be sure it is good, and mass deploy it to all your hard drives that will be going into all your machines. Much of this does not have to be changed when new models are added, and with MS's newer tools a lot can simply be slipped in to the image itself without having to re-seal it. Very convenient. That also may be how this thing got in as well, who knows.

    The breakdown here was on the final step: apparently nobody scanned the test machine for viruses/malware before deploying the image. I'm surprised only a few netbooks were hit, unless the others just haven't noticed yet, heh.

    --
    Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
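
The missing "scan the build machine before deploying" step Bigjeff5 describes can be made mechanical with a baseline manifest: hash every file on the sealed image, store the manifest off the image (on the technician machine), and diff a fresh hash run against it before mass deployment or when checking a retail unit. The script below is an added example written for this thread; it is not part of sysprep or any OEM imaging toolkit, and the file tree it builds is constructed scratch data. One caveat a practitioner would add: a rootkit like the one Kaspersky found can hide files from the running OS, so the hash pass belongs on a clean boot medium (the bootable thumb drive yerktoader suggests), not on the possibly infected install itself.

```python
"""Baseline-and-diff check for a golden OS image before mass deployment.

Added example for this thread, not OEM or Microsoft tooling. The baseline
is a SHA-256 manifest taken from the build machine right after sealing; the
same hashing run against the image again (or a test unit, from clean boot
media) reports anything added, removed or altered since.
"""
import hashlib
import os
import tempfile
from typing import Dict, Set, Tuple

Manifest = Dict[str, str]  # relative path -> sha256 hex digest


def sha256_file(path: str) -> str:
    """Stream a file through SHA-256 so large driver/OS binaries don't load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: str) -> Manifest:
    """Hash every regular file under root, keyed by forward-slash relative path."""
    manifest: Manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def save_manifest(manifest: Manifest, path: str) -> None:
    """Write sha256sum-style lines ('<digest>  <path>') so standard tools can read it too."""
    with open(path, "w", encoding="utf-8") as fh:
        for rel in sorted(manifest):
            fh.write(f"{manifest[rel]}  {rel}\n")


def load_manifest(path: str) -> Manifest:
    manifest: Manifest = {}
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            digest, rel = line.rstrip("\n").split("  ", 1)
            manifest[rel] = digest
    return manifest


def diff_manifests(baseline: Manifest, current: Manifest) -> Tuple[Set[str], Set[str], Set[str]]:
    """Return (added, removed, changed) relative paths between two manifests."""
    added = set(current) - set(baseline)
    removed = set(baseline) - set(current)
    changed = {p for p in set(baseline) & set(current) if baseline[p] != current[p]}
    return added, removed, changed


def _write(root: str, rel: str, data: bytes) -> None:
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as fh:
        fh.write(data)


def demo() -> Tuple[int, int, int]:
    """Seal a constructed image, simulate a post-seal infection, and return counts of
    (added, removed, changed) files the manifest diff reports."""
    with tempfile.TemporaryDirectory() as root:
        image = os.path.join(root, "image")           # the sealed golden image
        _write(image, "Windows/System32/drivers/oem_audio.sys", b"driver bytes v1")
        _write(image, "Windows/explorer.exe", b"explorer bytes")
        _write(image, "Program Files/OEM/readme.txt", b"hello")
        baseline = build_manifest(image)
        manifest_path = os.path.join(root, "golden.sha256")  # kept outside the image
        save_manifest(baseline, manifest_path)

        # Constructed stand-in for what an infected driver-update stick leaves behind:
        # a dropped executable plus a patched driver file.
        _write(image, "RECYCLER/update.exe", b"MZ constructed worm body")
        _write(image, "Windows/System32/drivers/oem_audio.sys", b"driver bytes v1 + patch")

        added, removed, changed = diff_manifests(load_manifest(manifest_path), build_manifest(image))
        for label, paths in (("ADDED", added), ("REMOVED", removed), ("CHANGED", changed)):
            for rel in sorted(paths):
                print(f"{label}: {rel}")
        return len(added), len(removed), len(changed)


if __name__ == "__main__":
    demo()
```

Storing the manifest away from the image matters: if the baseline lives on the same disk, whatever altered the image can alter the baseline too. The sha256sum-compatible line format means the same manifest can be re-verified from a Linux live USB with stock tools.
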
  12. Re:Remind me again by dgatwood · · Score: 4, Insightful

    No, AutoRun should not exist. You can't create a warning that scares people into clicking "no". If you try that, the first thing the customers do is call your support line asking why their copy of [Insert expensive software package here] contains a virus when it is really just set to automatically run their installer. Then, the only valid use of AutoRun becomes a black mark for software vendors and they stop using it, making it a completely useless technology.

    The only possible way to make AutoRun be usable without being a gaping security hole is to require that all AutoRun software be signed using a signing key distributed by the OS vendor. Unfortunately, that could be a slippery slope to requiring all apps be signed (at significant cost), which would be a giant step backwards for small software vendors, open source, etc. Such a security measure would also have to have been done from the very beginning to avoid the problem of existing apps causing panic attacks in end users.

    The only solution is to kill AutoRun completely. It should not exist. It has no good reason for existing. The only thing it really does is by its nature a security hole. Just shut it off already.

    --

    Check out my sci-fi/humor trilogy at PatriotsBooks.
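
Sir_Lewk's and dgatwood's point is that the whole infection path here rides on Windows honoring an autorun.inf from removable media. From the defender's side, the useful check is to parse that file and say whether it would launch anything before a stick (or a driver image built from one) is trusted. The script below is an added example for this thread, not Kaspersky's or Microsoft's code; the two sample autorun.inf bodies are constructed, and the scoring heuristics (flag open= and shellexecute=, shell\<verb>\command= hijacks, and action= text that mimics Windows' own "Open folder to view files" prompt) are this script's own assumptions rather than a complete rule set.

```python
"""Find and assess autorun.inf files before a drive or image is trusted.

Added example for this thread, not Kaspersky's or Microsoft's code. Sample
autorun.inf contents are constructed; the heuristics are this script's own.
"""
import configparser
import os
import tempfile
from typing import Dict, List

# [autorun] keys that make Windows AutoRun/AutoPlay start a program on insertion.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample resembling a USB worm: launches an .exe, hijacks the
# Explorer "Open" verb, and copies the wording of Windows' own AutoPlay prompt.
SAMPLE_SUSPICIOUS = """[AutoRun]
open=RECYCLER\\update.exe
shell\\open\\command=RECYCLER\\update.exe
action=Open folder to view files
icon=%SystemRoot%\\system32\\shell32.dll,4
"""

# Constructed benign sample: only sets a label and icon, launches nothing.
SAMPLE_BENIGN = """[autorun]
label=Driver Disc
icon=disc.ico
"""


def parse_autorun(text: str) -> Dict[str, str]:
    """Return the [autorun] section as a lower-cased key -> value mapping."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    for section in parser.sections():
        if section.lower() == "autorun":  # section name is case-insensitive on Windows
            return {k.lower(): v.strip() for k, v in parser[section].items()}
    return {}


def assess_autorun(text: str) -> List[str]:
    """Return findings for one autorun.inf; an empty list means it launches nothing."""
    findings = []
    for key, value in parse_autorun(text).items():
        if key in LAUNCH_KEYS:
            findings.append(f"{key}= runs '{value}' when the drive is inserted")
        elif key.startswith("shell\\") and key.endswith("\\command"):
            findings.append(f"{key}= replaces an Explorer context-menu verb with '{value}'")
        elif key == "action" and "open folder" in value.lower():
            findings.append(f"action= mimics the built-in AutoPlay prompt: '{value}'")
    return findings


def scan_tree(root: str) -> Dict[str, List[str]]:
    """Walk a mounted drive or extracted image and assess every autorun.inf found."""
    results: Dict[str, List[str]] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == "autorun.inf":  # NTFS/FAT names are case-insensitive
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    results[path] = assess_autorun(fh.read())
    return results


def demo() -> int:
    """Write both samples into a scratch tree, scan it, and return how many files were flagged."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "usb"))
        os.makedirs(os.path.join(root, "drivers"))
        with open(os.path.join(root, "usb", "AUTORUN.INF"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_SUSPICIOUS)
        with open(os.path.join(root, "drivers", "autorun.inf"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_BENIGN)
        flagged = 0
        for path, findings in sorted(scan_tree(root).items()):
            print(("SUSPICIOUS: " if findings else "clean: ") + path)
            for line in findings:
                print("   -", line)
            flagged += 1 if findings else 0
        return flagged


if __name__ == "__main__":
    demo()
```

The parser deliberately keeps the `shell\verb\command` keys intact rather than splitting on backslashes, because that is the form Explorer reads them in; and it treats any launch key as a finding regardless of target, since a legitimate installer disc and a worm look identical at this level, which is dgatwood's argument for turning the mechanism off entirely.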

  13. Buy our shit, seriously! by billcopc · · Score: 4, Insightful

    Kaspersky releases "news" article about their virus scanner saving the day, while casting doubt on all PC vendors. Solution: Buy our shit!

    I don't care whether it's malware, weapons of mass destruction, or kiddie porn. It's all baseless fear-mongering to push corporate or political influence, in the end it's all just money.

    What they of course fail to highlight is the fact that the solution is neither effective nor guaranteed to work. Kaspersky's scanner, like any scanner, cannot catch all malware, just like Bush couldn't (wouldn't?) catch OBL. Perhaps worse is the high rate of false positives, such as when your virus scanner mistakenly recognizes a Linux ISO as a boot sector virus, or your republican mistakenly recognizes a Linux hacker as an islamic terrorist. Bullshit all around!

    --
    -Billco, Fnarg.com