p2pnet - rss feed: Factory installed spyware
p2pnet news | Security:- Some new electronic devices come factory pre-installed viruses that fire out spam, steal passwords and do other nasty things, including opening up infected systems to hackers.
So says the Associated Press which reviewed several such cases and found that in most cases, “Chinese factories, where many companies manufacture their products in efforts to contain costs, are the source”.
Is the malware/spyware installed deliberately?
“At this point the problem seems to be the result of lax quality control, rather than organized sabotage by hackers or the Chinese factories themselves,” says the storyk, gooing oin:
“For instance, a careless worker may have plugged an infected music player into a factory computer used for testing, the digital equivalent of the recent series of tainted toothpaste, pet food and toys traced back to China.”
But on the other hand, “If a corrupt employee or a hacker introduces a virus at an early production stage, when software is uploaded to the device, then the problems could be far more serious and widespread.”
“It’s like the old cockroach thing - you flip the lights on in the kitchen and they run away,” story heads Marcus Sachs, who runs the security research group SANS Internet Storm Center, saying.
Security experts suspect malicious software is loaded at the final stage of production, “when gadgets are pulled from the assembly line and plugged in to a computer for final verification testing,” says AP.
” If the testing computer is infected, for instance by a worker who used it to charge his own infected device, that virus can then spread to anything else that gets plugged in.”
One information-technology worker wrote to the SANS security group that his new digital picture frame contained “the nastiest virus that I’ve ever encountered in my 20-plus-year IT career,” says the story, going on, “Another said his new external hard drive had malfunctioned due to a pre-loaded password-stealing virus.”
The story quotes computer consultant Jerry Askew as saying a new Uniek digital photo frame bought at a Target, “tried to load 4 different Trojan viruses onto his computer”.
“Legal experts say these manufacturing infections could become a significant problem for retailers that sell the infected devices and the companies that make them, if customers can show they were harmed by the viruses,” says AP, quoting EFF (Electronic Frontier Foundation) legal director Cindy Cohn as stating:
“The photo situation is really a cautionary tale - they were just lucky that the virus that got installed happened to be one that didn’t do a lot of damage,” said Cohn.
“But there’s nothing about that situation that means next time the virus won’t be a more serious one.”
[NOTE - p2pnet is running a special reader’s survey. It only takes 20-30 seconds and it’d be a huge help if you’d fill it in. Please click here. Cheers! And thanks … Jon]
Also See:
Associated Press - Some Viruses Come Pre-Installed, March 14, 2008
Use free p2pnet newsfeeds for your site. It’s really easy!
Subscribe
to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile - http://p2pnet.net/index-wml.phpNet access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details. Download here.
March 17th, 2008 at 2:26 pm
This isn’t new.
A couple years back I ran into a Dell with factory installed virus.
I only caught the virus because I installed my AV before installing the Application Restore CD.
When I tried to install the Dell Applications components Norton caught it.
I think everyone should be very cafefull when they buy a new computer and be sure to do a system resotre before they use it and also do several Virus scans with different online AV tools.
March 17th, 2008 at 5:55 pm
Craputer?
A crap computer. The term “craputer” has been coined to describe the onslaught of cut-every-corner, coddle-the-user, manufacturer-knows-best, pre-loaded-full-of-crap consumer-grade PCs made by eMachines, Compaq and others. Some earmarks of the “craputer” include:
Sponsored icons and Internet links on the desktop, Free Demos and Special Offers popping up at random, one-touch “shopping” buttons on the keyboard, and other factory pre-loaded marketing crap
Lack of a genuine Operating System installation disc or driver diskettes. Craputers often come with a set of “Recovery Diskettes” which, if used, will format your hard drive and restore your system to exactly how it was when you got it (in other words, re-load all the craputer components, regardless of how hard you’ve worked to get rid of them)
Slow boot-ups and sluggish system performance; system memory exhausted by the large number of unnecessary background programs (media players, task schedulers, registration reminder nags, background tasks with cryptic names and unknown purposes) loading on start-up. Is the space next to your system clock overrun with little icons? Is the Ctrl-Alt-Delete task list full, even when you close all programs and have “nothing running”?
Cut corners everywhere (cheapo components and missing PC Speakers, reset buttons, case fans, audio cables…)
Opening the Web Browser brings up, instead of Internet sites, an advertisement nag for the manufacturer’s Partner ISP, that you can’t get rid of; Won’t let you set it up to use your existing Internet account
Power or Reset button that doesn’t work, Malfunctioning Sleep Mode, and/or “helpful” power-management features that won’t take no for an answer
Several Gigabytes of your hard disk taken up by a “Recovery Partition” (SYSTEM_SAV) or other useless data
Craputer maker’s logo displayed during boot-up, covering up any boot-up messages that might alert you to problems or help troubleshoot your system
Can’t get into the CMOS setup to view or change settings (see previous)
http://www.cexx.org/craputer.htm
March 18th, 2008 at 6:34 am
Am I the only one bothered by the idea that something like a digital photo frame would even be designed with enough of an OS that it could automatically upload something to a computer when you plug it in? It should be a dumb device controlled by the computer.
Unless Windows is truly stupid enough to try auto-running whatever it happens to find on any device that you plug in, which actually wouldn’t surprise me that much…
March 18th, 2008 at 10:59 am
anything that can interface with a computer NEEDS to be either completely dumb (cannot do anything at all, like an external hard drive) or needs to have an OS.
you cant have a digital photo frame be dumb………
then it would just be an expensive black piece of plastic.
some sort of OS is required to install the photo software.
and without the photo software (whatever crap they use) you dont have any photos
March 18th, 2008 at 10:21 pm
…mine takes SD cards. it doesn’t plug into my computer, ever. I have no idea if it can load a virus onto the SD, but i can only assume it has no memory of its own other than the algorithms to read the SD card and display the picture, which are burned into the chips and cant be changed.
May 10th, 2008 at 10:54 pm
We had a guest in Computer Forensics class that stated that this is intentional and that the programmers work for the Chinese military. He also stated that there were similar issues with USB drives as well.