Want drive with preinstalled virus?

14/11/2007 Written by minor

If you plan to upgrade your com­puter or just buy­ing some spare parts, you should be care­ful. As Taipei Times informed, some Max­tor portable hard disks come with “virus pre­in­stalled”.

In Thai­land pro­duced dri­ves car­ried two files that help tro­jans get into the sys­tem: autorun.inf and ghost.inf. Tro­jans then upload data such as logins and other inter­est­ing infor­ma­tions to www​.nice8​.org and www​.we168​.org.

It is not the first time, when devices come with viruses. Two years ago Sony BMG released discs with DRM act­ing like a rootkit. And in Sep­tem­ber Ger­man chain sold lap­tops with “Stoned.Angelina”, really old virus that was first time seen in 1994.

Of course in cor­po­rate envi­ron­ment are often used spe­cial meth­ods for deploy­ing new machines, where repar­ti­tion­ing is done by deploy­ing OS, or they are already deliv­ered with disc images pro­vided before to ven­dors. But such portable devices are often bought indi­vid­u­ally by users, that have no idea about how to han­dle such devices before con­nect­ing.

Kai Roer in his blog posted few use­ful notes:

- never trust ANY hard­ware you bring into your perime­ter

- ALWAYS check EVERY­THING you install in your sys­tems and net­work — in a safe envi­ron­ment. For hard dri­ves, that means test­ing, low-​level for­mat­ing and sign­ing them off in a secure, non-​connected envi­ron­ment. You do have that, right?

- as secu­rity gets tighter, threats evolve and finds other ways to get to you. It is a long time since boot-​virus trav­eled by flop­pies. But if slow dis­tri­b­u­tion is the eas­i­est, most cost effi­cient way to hit you, that is how it will be done.

- tar­geted attacks are increas­ingly com­mon. We are leav­ing the days where the goal was to hit as many as pos­si­ble. The goal today is cash — not atten­tion.

In fact all these things we should keep in mind, but to be hon­est do we? Often in cor­po­rate envi­ron­ment you can see that noth­ing above men­tioned is con­sid­ered. More­over, pre­cisely planed and launched tar­geted attack on sin­gle per­son or group, that doesn’t con­cern about secu­rity, can cause real dis­as­ter even if the best poli­cies are applied, because the most vul­ner­a­ble point is between key­board and seat.