[LINK] Fwd: new virus source

Rick Welykochy rick at praxis.com.au
Sat Mar 15 10:27:49 AEDT 2008 

Jan Whitaker wrote:

>> Some viruses come pre-installed
>>
>> Jerry Askew, a Los Angeles computer consultant, bought a new Uniek 
>> digital picture frame to surprise his 81-year-old mother for her 
>> birthday. But when he added family photos, it tried to unload a few 
>> surprises of its own.
>>
>> When he plugged the frame into his Windows PC, his antivirus program 
>> alerted him to a threat. The $50 frame, built in China and bought at 
>> Target, was infested with four viruses, including one that steals 
>> passwords.
>>
>> "You expect quality control coming out of the manufacturers," said 
>> Askew, 42. "You don't expect that sort of thing to be on there."
>>
>> Security experts say the malicious software is apparently being loaded 
>> at the final stage of production, when gadgets are pulled from the 
>> assembly line and plugged in to a computer to make sure everything works.
>>
>> http://news.yahoo.com/s/ap/20080314/ap_on_hi_te/factory_installed_viruses

This is because of a nasty feature on USB sticks and other removable media
called autorun, e.g.

<http://www.computing.co.uk/computing/news/2189236/virus-targets-usb-sticks>

   "... then creates a hidden file called autorun.inf to ensure a copy
    of the worm is run the next time it is plugged into a Windows PC"

and

   "Cluley advises users to disable the autorun facility of Windows so
    removable devices such as USB keys and CD ROMs do not automatically
    launch when they are attached to a PC."

Yet again another insecurity in Windows that is turned on by default.

A similar feature on MAC OS X has been quietly disabled by Apple for
good reason.

<http://www.macdisk.com/cdstarten.php3>

   "The autostart feature was silently dropped under Mac OS X. See below
    for soem [sic] reasons of this choice. It doesn't seem that there are
    plans to change this. The read-me file is therefore the only solution
    if you target Macintosh OS X users."

Thus, virus/worm propagation can be accomplished on modern Macs (or
presumably Linux) via social engineering, i.e. the luser follows the
instructions contained on the media and this action installs the virus.

. . . . . . . . . .

An unrelated problem with removable media, esp. the ubiquitous USB stick
which now can hold 4 GB of data, is that they are carelessly left lying
around. If there is sensitive business/etc information on the stick, it
can be pilfered easily if it not encrypted.

<http://news.bbc.co.uk/2/hi/technology/4946512.stm>

    "Only 10% of those companies interviewed for the survey encrypt
     the confidential data stored on these portable devices."



cheers
rickw



-- 
________________________________________________________________
Rick Welykochy || Praxis Services || Internet Driving Instructor

Filling the tank of an SUV with ethanol requires enough
corn to feed a person for a year.
      -- The Economist: "The end of cheap food"

More information about the Link mailing list