Asus admits Eee Box mini PC shipped with virus

[Gary]

Seems Asus's nice little Eee Box min shipped with a virus in its D drive partition in Japan and maybe other areas, what gets me is how on earth did this happen?

"According to Symantec, the malware is likely to be the W32/Usbalex worm, which creates an autorun.inf file to trigger recycled.exe from D"

This trend in new hardware having malware from new is very worrying, and still shocks me.

Full story here

[Rik]

It's good to know you can buy with confidence, isn't it. 

[Gary]

It's good to know you can buy with confidence, isn't it. 

Its shocking Rik, how on earth does this happen? I can only thing organised crime has operatives in these places and are letting things slip in and through for their own gains

[Rik]

Who knows, Gary. I tend to subscribe more the the 'sheer bloody carelessness' theory - manufacturers are cutting corners to save pennies.

[Gary]

Who knows, Gary. I tend to subscribe more the the 'sheer bloody carelessness' theory - manufacturers are cutting corners to save pennies.

Very True but the malware has to get on the drives somehow during manufacture? I suppose carelessness and using already infected components could be an issue, I mean an image on each pc with a virus on it would do it, but what about those virgin HDD that were infected?

[Rik]

No HD is ever virgin though, is it. During testing, data has been written and read. How it comes to have a virus amongst it, and how that's left and not deep wiped, though, defeats me.

[Gary]

No HD is ever virgin though, is it. During testing, data has been written and read. How it comes to have a virus amongst it, and how that's left and not deep wiped, though, defeats me.

True but as you say how a virus gets on there and stays is mind boggling

[Rik]

Sloppy quality control?

[Gary]

Sloppy quality control?

frightening sloppy control, there is no excuse for that

[Rik]

There isn't, but we see it more and more, Gary.

[Gary]

There isn't, but we see it more and more, Gary.

Well with Norton on most machines its going to be fun as the malware on new pc's tries to disable the av at startup for the first time

[Rik]

I thought Norton was malware? 

[Gary]

I thought Norton was malware? 

well the new 2009 is much better and when I uninstalled it it really did go, registry was clean if I could overcome the branding I would have maybe used it.....ok maybe not but it is better. Funny thing is what they claim as new features are what Kaspersky does already, I have mine set to update every 30mins i could set it to 5mins if I wanted its funny watching big corporations claim new ideas when its already out there in one form or another.

[Rik]

There are no new ideas, only different spin...

[somanyholes]

does make you wonder how this one happened. This sort of attack vector is becoming more and more prevalent. This particular issue is the easiest type to spot. The underground economy is now adding code to the hardware, such as adding code to a processor. As far as joe blog's goes he has no chance of knowing that it exists, no general security software will be able to pick this type of thing up, and with the majority of our tech hardware coming from overseas how is this getting vetted, or is it getting vetted?  A prime example of this type of thing was the counterfit cisco hardware that the us military bought, anything could have been modified. From an attackers perspective this is all great. Have mass produced hardware delivered to the door with little chance of being caught. Fun fun.......

[Rik]

Interesting thought, So. I wonder who builds the trigger mechanisms for the bomb?? 

[somanyholes]

any interesting talk on this type of thing here, let me know if you want the audio

http://www.defcon.org/html/defcon-16/dc-16-speakers.html#Kiamilev

[Rik]

And I thought there was enough to worry about with the financial situation... 

[Sebby]

Who remembers when iPods shipped with a virus? I can only think it's an disgruntled employee.

[Steve]

It probably very eec to do I'd better shuffle off and check my netbook hidden partition.

[Rik]

It just shows the value of installing AV software on a new machine as the first step.

[Steve]

It just shows the value of installing AV software on a new machine as the first step.

I purchased office 2007 student edition and it came with Norton 360 version 2.0. I thought I might as well try it on the netbook and so far after an initial play around at getting rid of extras (I just need firewall and AV)it's been fine. However I'm pretty sure it wont migrate to a serious machine.

[zappaDPJ]

This slip from Asus is pretty lamentable but this one from another well know organisation is just shocking:  http://news.bbc.co.uk/1/hi/technology/7583805.stm

[Rik]

That could have been a nasty 'Oops!'.

[JB]

"Nasa told SpaceRef that no command or control systems of the ISS were at risk from the malicious program. "

That's because a virus was a very rare thing when the ZX81 was designed.

[Rik]

 

I thought it was the 6502, JB.

[Ted]

This slip from Asus is pretty lamentable but this one from another well know organisation is just shocking:  http://news.bbc.co.uk/1/hi/technology/7583805.stm

"The worm was first detected on Earth in August 2007"

[Rik]

Shame it wasn't 2001 really, Ted.

[Simon]

It just shows the value of installing AV software on a new machine as the first step.

Or, perhaps, just format the thing and start again?  At least it would get rid of all the pre-installed crud that seems to come with new machines.

[Rik]

True, provided you get a true Windows disc, and not one of these recovery jobs.

[Simon]

I always keep one to hand. 

[Rik]

Sandra been at it again then? 

[Simon]

Last time I looked, they were reusable.    You would need the licence key, of course. 

[Rik]

The keys are tied to batches of discs, so they don't always work. Or so I am told.

[Simon]

Really?  I've never had a problem, and have used an SP2 disc with a pre-SP1 key.  Not tried an SP3 disc yet.

[Rik]

That's the received wisdom, but I've never needed to test it. Sandra would know for sure.

[Simon]

Indeed.

[somanyholes]

another example of the "supply chain attack"

http://www.telegraph.co.uk/news/newstopics/politics/lawandorder/3173346/Chip-and-pin-scam-has-netted-millions-from-British-shoppers.html

[Gary]

another example of the "supply chain attack"

http://www.telegraph.co.uk/news/newstopics/politics/lawandorder/3173346/Chip-and-pin-scam-has-netted-millions-from-British-shoppers.html

That would explain a lot, So 

[Inactive]

another example of the "supply chain attack"

http://www.telegraph.co.uk/news/newstopics/politics/lawandorder/3173346/Chip-and-pin-scam-has-netted-millions-from-British-shoppers.html

That really is alarming So.. very soon we will all be going back to cash and cheques if this continues.


So much for the security of " Chip & Pin ".

[Gary]

That really is alarming So.. very soon we will all be going back to cash and cheques if this continues.


So much for the security of " Chip & Pin ".

I think cash is safest really In, having chip and pin machines compromised would explain a few dodgy card hacks we had I was never sure chip & spin would really be that much better as  anyone can watch your pin being typed in if you are not careful, as well as machines it appears, giving a handful of notes seems safer these days

[Inactive]

as  anyone can watch your pin being typed in if you are not careful,

That is something that has always puzzled me Gary, was it not obvious to them that at least a visual guard was required to stop prying eyes watching pin input? ... It would have added about a £1 to the cost of each machine.

[Rik]

Less than that, In. No brainers obviously refer to the people in the industry in this case. 

[Gary]

That is something that has always puzzled me Gary, was it not obvious to them that at least a visual guard was required to stop prying eyes watching pin input? ... It would have added about a £1 to the cost of each machine.

It made security a farce In, and anyone dodgy in security watching the CCTV can have a prime view of what's being typed, as you say why did they make it so easy, most people do not know that some machines you can take out the slot and turn from the customers to hide what you type

[somanyholes]

That really is alarming So.. very soon we will all be going back to cash and cheques if this continues.


So much for the security of " Chip & Pin ". Roll Eyes

I wish cash would hang around but there's not much chance of that. 20 years at the complete most and it will be dead. Chip and pin could have been implemented in a better fashion. I personally would have preffered just entering a number of digits from your password/passphrase, Even better make it alpha-numeric, but i suppose that would make the more forgetfull ones have issues at the till, not that they don't now though.....

The goverment really want us to ditch paper money for many reasons, the prime ones being,
1. If everything's digital they will be able to track whatever you do/purchase.
2. The paper system at banks works differently than the electronic one, and they want it all under the same banner
3. Kill the underground money markets/reduce crime. If your phone is stolen how are they going to sell it in a paperless system without risk/trackability
4.Terrosim/say no more
5. It now costs more to make some coinage than it's value, i think the nickel is an example of this.

[Rik]

And, of course, it's safer not to carry cash. Being mugged electronically doesn't show in crime figures. 

[somanyholes]

on a slightly happier note, in someways anyway.

A new service has arrived that uses your mobile phone, (i know there are privacy issues here)

Basically if you make a purchase at a store, when it's being authorised it will check to see if your mobile phone is in the same location as the purchase that is being made. If it isn't then the transaction will be denied. I know this isn't without it's downsides but still not a bad idea.

I can't remember the dam name of it  , it's not available here yet from what I can remember....

[Rik]

Personally, I like the idea, So.

[Inactive]

Oh wonderful, no signal,.... no shopping.

Orange cut off your Sim Card....no shopping.

[Rik]

I guess it relies on you having a mobile. If you don't, or you get a flat battery, they would have to have a manual fallback, eg phoning the card company...

[somanyholes]

Oh wonderful, no signal,.... no shopping.

Orange cut off your Sim Card....no shopping.

personally if this involves my partner it's a good idea

[Rik]

 

Remote control of phone, So?

[Inactive]

  Nice one So.

[somanyholes]

i suppose they could do failover on gps in your car? As i said, it does have it's drawbacks

[Rik]

The easiest route would be to microchip us, surely?

[Gary]

Personally, I like the idea, So.

Not for me Rik, they know where you are what shops you are in, I have my mobile privacy settings set to emergency services only, I do not want my movements traced via a mobile phone on top of everything else

[somanyholes]

Remote control of phone, So?

I like that a lot

[Rik]

Not for me Rik, they know where you are what shops you are in, I have my mobile privacy settings set to emergency services only, I do not want my movements traced via a mobile phone on top of everything else

I simply don't care, Gary. If I worried about such stuff, I'd never go out.

[Inactive]

i suppose they could do failover on gps in your car? As i said, it does have it's drawbacks

That would rule out my AA Road Atlas I guess.

[Rik]

Not if it was chipped.