Friday, May 22, 2009

Buying Malware rather than getting it for free

This kind of incident (see article below) seems to be happening every few months. You purchase a product (a netbook) and it comes infected. No longer do you just have to worry about whether it works, whether the OS will behave nicely, or whether the drivers will work with your printer. If the manufacturer cannot control malware, what hope is there?

I am pretty puzzled about how the malware actually got on the machine. The article doesn't delve into too much detail, but it looks like maybe a driver was infected that got placed on the machine. This seems to say the manufacturer does not use any kind of antivirus or antimalware to test the security of the system before shipping it out. It also calls into question the security processes in place around managing software and development. A bit scary.

So what are some things you can do to protect against malware? (I hope you know most of these already.)

1) Use a firewall - A good personal firewall will help defend your system, especially if it has the capability to monitor outbound traffic or stop unknown programs from being run or installed. Try ZoneAlarm, free version.

2) Run anti-virus - This is obvious. While many antivirus programs will miss a lot of malware, you need a defense in depth strategy. Try AVG or Avast.

3) Install patches - A must do. Keep your systems patched because many worms, viruses, and malware take advantage of unpatched system vulnerabilities.

4) Use antispyware - This is a bit different from antivirus. It can stop malicious code from running and warn you of registry changes. A good start for the beginner is SpywareGuard and Spybot S & D.

5) Protect the browser - Browser protection software can stop ActiveX controls from running and protect you from tracking cookies and known malware. Two examples are SpywareBlaster and IE-SpyAd.

6) Stop Surfing Porn!

Baha

baha@kraasecurity.com

www.kraasecurity.com


++++++++++++++++++++++++++++++++++++++++++++++++++++

Netbook comes with factory-sealed malware
Chuck Miller, May 20, 2009
SC Magazine
In a rare occurrence, a brand-new factory-sealed netbook has been found to contain malware, according to researchers at Kaspersky Lab.

The factory-infected device, an M&A Technology Touch netbook, came with trojans on the disk image, found during a routine compatibility test.

“This case shows once again that even brand new products can leave the factory infected,” wrote Roel Schouwenberg, senior anti-virus researcher with Kaspersky Lab, on the company's Viruslist blog. “Safeguarding against infected new devices is particularly difficult.”

The machine seems to have been infected while technicians were installing drivers for the machine, he said.

“Given the dates associated with the files, it was clear that the infection had to occur somewhere in the process of putting these things together, or while installing drivers,” Schouwenberg told SCMagazineUS.com on Tuesday. “So it's logical to assume that a whole batch of these machines is infected.”

The infections found were examples of a common malicious family that tries to steal the online passwords of gamers and to spread to USB devices. The nature of the malware seemed to indicate that it showed up on the computer purely by accident.

“Games are very graphics intensive,” Schouwenberg said. “Netbooks are not necessarily the best platforms for games. That means the malware was probably not specifically targeted to these machines.”

Manufacturers should have proper security processes in place, he said. Some makers, for example, actually have metal detectors to be sure that nobody walks into the factory with a USB stick, which they may use to accidentally introduce malware into new hardware.

Individuals at M&A Technology, which makes products for education, government and corporate customers, were informed of the problem, but did not respond publicly other than to say that they would look into it, Schouwenberg said.
