New Windows netbooks may harbor malware
Kaspersky finds worm, rootkit on out-of-the-box M&A Companion Touch
Computerworld - After discovering attack code on a brand new Windows XP netbook, antivirus vendor Kaspersky Labs warned users yesterday that they should scan virgin systems for malware before connecting them to the Internet.
When Kaspersky developers installed their recently-released Security for Ultra Portables on an M&A Companion Touch netbook purchased for testing, "they thought something strange was going on," said Roel Schouwenberg, a senior antivirus researcher with the Moscow-based firm. Schouwenberg scanned the machine -- a $499 netbook designed for the school market -- and found three pieces of malware.
"This was done at the factory," said Schouwenberg. "It was completely brand new, still in its packaging."
With a little more digging, Schouwenberg found multiple Windows system restore points, typically an indication that the machine had been updated with new drivers or software had been installed before it left the factory. One of the restore points, stamped with a February date, included the malware, indicating that it had been put on the machine before then. And the malware itself hinted how the netbook had been infected.
"In February, the manufacturer was busy installing some drivers for an Intel product in the netbook," said Schouwenberg, citing the restore point. Among the three pieces of malware was a variant of the AutoRun worm, which spreads via infected USB flash drives.
"The USB stick they used to install the drivers onto the machine was infected, and [it] then infected the machine," said Schouwenberg. Installed along with the worm was a rootkit and a password stealer that harvests log-in credentials for online games such as World of Warcraft.
Kaspersky has reported its findings to M&A, said Schouwenberg, but the netbook maker has not been in contact with the security company since then.
Although factory-installed malware is rarely found on consumer electronics, there have been cases. Last December, for example, Amazon.com told customers it had sold Samsung digital photo frames before the holidays that came with a driver installation CD infected with a Trojan downloader. "These [cases involving computers] are much rarer than picture frames," said Schouwenberg.
To ensure that a new PC is malware-free, Schouwenberg recommended that before users connect the machine to the Internet, they install security software, update it by retrieving the latest definition file on another computer and transferring that update to the new system, then running a full antivirus scan.
"That's the best course of action, even though it sounds like a lot of work," said Schouwenberg.
Read more about Security in Computerworld's Security Topic Center.
- Mission Critical: Managing Mobile Applications & Content Smartphones, tablets and other mobile devices have become embedded in enterprise processes, thanks to the consumerization of IT and a new generation of...
- Securing Mobility, From Device to Network At one time, the process of managing and securing mobile devices and applications was fairly straightforward. Most organizations worried about one application (email)...
- Planning for Mobile Success Many organizations are seeing clear and quantifiable benefits from the deployment of mobile technologies that provide access to data and applications any time,...
- The Challenges and Opportunities of Mobile Application Development Nearly all business users now demand mobile devices--their own or company-owned--along with anywhere access to corporate applications and data. What turns mobile devices...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their...
- Technology for Everyone A Kansas school district modernizes teaching and learning and paves the way to a one-to-one program with a comprehensive upgrade of its wireless... All Mobile/Wireless White Papers | Webcasts