An adware package has turned up on the latest e-book devices from iRex, and will install itself automatically onto a connected PC if it gets the chance. The infection appears to be the imgInSOY worm, which copies itself between removable media and uses autorun.inf to infect any Windows system it comes across. In addition to …
maybe they should listen to their own advice and run anti-virus in their office so that workers can't infect machines by accident.
Is it just me or is there an increasing number of these happenings.
Why USB devices such as keys, Ipods etc shouldnt be allowed anywhere near the corporate network.
This kind of thing could well be more of a problem than data theft that these devices are advertised as being capable of by the sofftware vendors.
Disable USB in bios (password Protected) PS2 keyboards and Mice only
Factory worker accidentally infects device image master? totally plausible scenario.
You couldn't make this up.
The Iliad has a Trojan Horse in it?
If there were ever a definition of poetic justice, this has to be it.
But but but but...
...it's Linux, how can it have malware on it?!
The device is Linux powered, BUT it is detected as a mass storage device by Windows. It's not Linux itself that is infected by the trojan(chances are if someone hacked about with the device and installed Wine there is the possibility that it would at least attempt to run the trojan, but that wouldn't happen automatically, and there's no guarantee that Wine would run it anyway!).
It's just the same as if someone had a trojan on USB pen drive, CD/DVD, iPod, the device themselves don't run the trojan (I haven't yet heard of an iPod running Windows), it's the Windows device with it's Autorun enabled that is running trojan.
I find it shocking that it made it through quality control to be honest.
Autorun doesn't work from USB drives in Windows
Q: What must I do to trigger Autorun on my USB storage device?
The Autorun capabilities are restricted to CD-ROM drives and fixed disk drives. If you need to make a USB storage device perform Autorun, the device must not be marked as a removable media device and the device must contain an Autorun.inf file and a startup application.
@Dr. Vesselin Bontchev
But it's not hard to make it autorun:
"The removable media device setting is a flag contained within the SCSI Inquiry Data response to the SCSI Inquiry command. Bit 7 of byte 1 (indexed from 0) is the Removable Media Bit (RMB). A RMB set to zero indicates that the device is not a removable media device. A RMB of one indicates that the device is a removable media device. Drivers obtain this information by using the StorageDeviceProperty request." (same link)
I wouldn't be surprised if hardware manufacturers like to "help" people by enabling autorun in this way.
Proof-of-concept for Adobe?
Didn't El Reg run a story a couple of months back about Adobe and Yahoo!(?) entering into a deal to _deliberately_ infect .pdf documents with adware?
I know, these types will always _claim_ it's "accidental", but somehow it sounds like a proof-of-concept of some sort, to me.
Re: Proof-of-concept for Adobe?
Did you mean this, from November?
Stop horsing around
Never trust a Philippino bearing gifts!
Mine's the jacket next to the large shoe collection.
Accident my arse
More likely that factory worker was slipped a few dollars by a VX gang: "Hey matey, if you just pop this file into the master disc for us we'll see your family gets fed for another week". Given the two cents an hour those workers probably earn, and the violence with which they are all too familiar, it would have been an "offer too good to refuse"...
Paris because she knows the effectiveness of slipping third-world workers a few dollars...
- Product round-up Ten excellent FREE PC apps to brighten your Windows
- Hi-torque tank engines: EXTREME car hacking with The Register
- Review What's MISSING on Amazon Fire Phone... and why it WON'T set the world alight
- Product round-up Trousers down for six of the best affordable Androids
- Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...