Brit network O2 hands out free Windows virus with USB pens

A marketing campaign by O2 that sent customers USB-embedded pens backfired last week – after it transpired a number of devices contained a "Windows-specific virus." The UK cellphone network sent out the USB pens to its business customers followed by a marketing email encouraging them to download a free eBook. That was then …

  1. gv
    Pirate

    Hopefully if you are using your computer as a public web server, you won't be inserting random USB devices into it.

    1. AndrueC Silver badge
      Stop

      ..and would hopefully be using a more up to date version of ~~Windows~~ an operating system not on that list.

  2. Anonymous Coward
    Anonymous Coward

    Santayana

    "Those who cannot remember the past are condemned to repeat it"

  3. Captain Scarlet Silver badge

    Windows Vista?

    Seems like a really old virus then if it's targeting Windows Vista and below?

    1. hplasm
      Meh

      Re: Windows Vista?

      Seems like a really same old virus then if it's targeting Windows.

    2. Hans 1
      Boffin

      Re: Windows Vista?

      > Seems like a really old virus then if it's targeting Windows Vista and below?

      Noooo, if it affects Vista, chances are "very" high it will infect Windows 7 as well ... since Vista is not yet out of security patches ... just writing ...

      1. Captain Scarlet Silver badge

        Re: Windows Vista?

        Well my thinking was when Windows Vista came out there were obviously more people using Windows 9x.

        The article does mention it auto updates.

        I suppose what I should have said is "Oi El Reg, what's the name of the malware on the sticks?"

    3. razorfishsl

      Re: Windows Vista?

      no... it is targeting servers, in places like hk they are still running 2003.

      chances are this was part of a left over batch of pens from some place else.

    4. Kay Burley ate my hamster

      Re: Windows Vista?

      Autorun enabled for USB drives until Windows 7 perhaps...

      1. eJ2095

        Re: Windows Vista?

        How would you tell if Vista had a virus.........

        I thought it was the virus ;-0

        1. David Haworth 1

          Re: Re: Re: Re: Windows Vista?

          Quoth eJ2095: I thought it was the virus ;-0

          Failed virus. It didn't spread very well after all.

  4. Haku
    Facepalm

    We need a double facepalm icon.

    Or even a triple facepalm.

    1. Dwarf

      Re: We need a double facepalm icon.

      You mean like D'oh D'oh or even D'oh, D'oh, D'oh ?

      Even though this is O2's fault as the supplier, if the last decade's guidance on good information security had any benefit at all to end users, then they should know about the need for up-to-date AV and not shoving free things into the computer without considering where it's been and the associated risks and countermeasures to reduce those risks.

      You have to wonder what would happen if someone turned up at their front door with free doughnuts, I bet they would take those as well.

      When will people learn.

      1. Haku

        Re: We need a double facepalm icon.

        "When will people learn."

        In a lot of cases, never.

        But then there are instances that even take the most cautious by surprise, like you'd never expect a commercially pressed audio CD to root your computer.

        1. DoctorNine
          Stop

          Re: We need a double facepalm icon.

          Staking the enterprise security structure on network users learning good computer habits, is like staking your own personal hygiene on users of a public washroom learning good sanitary habits. I guess you COULD, but most of us are a bit more risk averse.

        2. Chika

          Re: We need a double facepalm icon.

          > In a lot of cases, never.

          Very true. Consider that if people did actually learn then there would be no point to continue doing this.

      2. D 13

        Re: We need a double facepalm icon.

        Can I have a free doughnut?

        1. Dwarf
          Joke

          Re: We need a double facepalm icon.

          See what I mean ;-)

      3. PNGuinn
        Coat

        doughnuts

        D'oh ...

        Doughnuts ....

        Mmmm, Doughnuts ...

        Internet of Doughnuts ... mmmm ...

        Thanks - it's the one with the free usb doughnut in the pocket ...

        1. ecofeco Silver badge

          Re: doughnuts

          Into immortal words of Homer Simpson, "rarlghrarlgrarglhrarg"

          1. ecofeco Silver badge

            Re: doughnuts

            Damn phone

        2. IglooDude

          Re: doughnuts

          That's part of security awareness at my place, we bring in doughnuts every month or two, and they're Security Donuts (lax American spelling, sure) - as in:

          Donut click on that link!!

          Yes, granted it's dorky, but all the more memorable for it.

          1. herman

            Re: doughnuts

            Building a system with a web browser and hot linking and then telling users not to click on links is ridiculous. Don't blame the user for your own incompetence.

  5. m0rt

    "He said: "For any customers that have already used the USB or are concerned, we have a specialist team on hand to support them and guide them through any action they may need to take. We apologise for any inconvenience." ®"

    Oh really? A specialist team? So where were this specialist team when some ****head thought you should send out USB sticks as a marketing exercise?

    1. Triggerfish

      Well when planned they did not think this could happen, so they became a cost saving.

    2. PNGuinn
      FAIL

      Specialist team ...

      Hello, o2 specialist free usb virus support ... Homer speaking ....

  6. AMBxx Silver badge
    Megaphone

    Capita? Is that you?

    Currently going through the pain of getting PAC codes from O2-Capita. I'm sure I'll be receiving a 'free' virus through the post any day.

  7. J. R. Hartley

    A spokesman said:

    "This is the one thing we didn't want to happen"

    1. kmac499

      Re: A spokesman said:

      Well that's good to know... At least their heart is in the right place, shame about the brain.

    2. MyffyW Silver badge

      Re: A spokesman said:

      Was there really only one thing they didn't want to happen? That's comforting.

      Customer: Your sales staff have turned into flesh-eating zombies.

      O2: That's fine.

      Customer: Your mobile signal reprogrammed my DNA and now I'm a Salamander-like being and Lt Tom Paris is getting amorous.

      O2: That's fine, Captain Janeway.

      Customer: I got a virus off your freebie pen.

      O2: "This is the one thing we didn't want to happen."

      1. Phil W

        Re: A spokesman said:

        Love the incredibly episode specific Voyager reference.

        Go go gadget Warp10 drive.

      2. d3vy

        Re: A spokesman said:

        Glad to see I'm not the only one working through the voyager series now that they are streaming on Netflix!

        1. MyffyW Silver badge

          Re: A spokesman said:

          @Phil_W and @d3vy ... one of those episodes where you don't just have to suspend your disbelief, but wrestle it to the floor and tickle it into submission.

          1. Kiwi
            Alien

            Re: A spokesman said @MyffyW

            > @Phil_W and @d3vy ... one of those episodes where you don't just have to suspend your disbelief, but wrestle it to the floor and tickle it into submission.

            I think that was about the last episode of ST:V I ever watched. Actually wondering if I should try again.

            Now if you want a truly terrible SciFi experience, one that could put you off SciFi for the rest of your life, watch DS9 in the shortest time possible. If you can.

            (#B5Fan... :) )

      3. Adrian 4

        Re: A spokesman said:

        Of course it's worse.

        O2 sales staff already ARE flesh-eating zombies. Nothing to be lost there.

    3. asphytxtc
      Thumb Up

      Re: A spokesman said:

      Loved the Brass Eye reference ^.^

  8. Anonymous Coward
    Anonymous Coward

    Windows NT???

    No f way... unless they provided USB drivers too for that pen drive.

    1. Mage Silver badge

      Re: Windows NT???

      Win2K (NT5.0), XP (NT5.1), 2003, Vista etc are all NT.

      NT4.0 actually did have an engineering release USB stack. It worked with Windows 2000 devices/drivers, if you hacked the installer to accept NT4.0 or your NT4.0 to report as NT 5.0 (Windows 2000)

      1. Anonymous Coward
        Anonymous Coward

        Re: Windows NT???

        these version numbers piss me off. I just finished a script to remotely read hklm\sw\ms\ie\version vector\IE , only to realise the value therein bears little relevance to the version of IE

    2. Stuart Castle Silver badge

      Re: Windows NT???

      Not necessarily. NT had plenty of security holes that could be exploited via an unsecured network share. All it would take is for one newer machine on the network (running a recent version of Windows) to become infected when someone plugs in a USB, then the virus could start scanning other machines on the local network for unsecured shares (or even secured ones if it can exploit a vulnerability in SMB), then using a vulnerability in NT's RPC (Remote Procedure Call) subsystem to copy itself to another machine, then install itself on that machine. All with no user intervention.

      Remember, newer versions of Windows lock down pretty much everything network wise until it is needed. NT did the total opposite.

  9. gregthecanuck
    Mushroom

    Oh dear...

    Gives new meaning to "The pen is mightier than the sword" .

  10. The Man Who Fell To Earth Silver badge
    WTF?

    Hey! O2!

    The 00's called and want their pen back.

  11. Anonymous Coward
    Anonymous Coward

    It's just PENetration testing

    Don't look a gift trojan in the mouth.

    1. Clive Galway

      Re: It's just PENetration testing

      Surely looking in the mouth is the one thing you DO want to do with a gift trojan?

      You might see the soldiers hiding inside if you did.

  12. Tezfair

    They got a USB Pen, I got flowers

    no seriously, bunch of flowers arrived today from HP / Ingram

    1. hplasm
      Happy

      Re: They got a USB Pen, I got flowers

      Have you virus checked them?

      1. Anonymous Custard
        Trollface

        Re: They got a USB Pen, I got flowers

        We had a couple of pack of dark choccie Hob Nobs in the post this morning from a recently left former colleague (I would say departed, but he left for a better job rather than for the grave).

        All in all I think we got the best deal of the lot...

      2. Haku

        Re: They got a USB Pen, I got flowers

        "Have you virus checked them?"

        Yes, do check for bugs.

  13. Anonymous Coward
    Anonymous Coward

    The virus infects program files and web files on computers running the following systems: Windows 2000, Windows 95, Windows 98, Windows ME, Windows NT, Windows Server 2003, Windows Vista, Windows XP.

    Errm yeah, I call BS on those two as they predate USB. NT4 didn't have any kind of hot-plug ability in my experience: maybe there was a beta somewhere but I seem to recall the closest it got to supporting hot-pluggable hardware was PCMCIA and even then you had to shutdown before inserting or ejecting cards.

    Been there, done that.

    As for Windows 95, well there was a supplement that added USB support. Last time I tried it, it didn't support USB storage, and in fact even Windows 98 needed a separate driver installed. Windows ME was the first of that line of OSes to ship with USB storage support and I find it incredible they'd bother supporting anything DOS-based.

    Strikingly absent are Windows 7, 8 and 10.

    1. Aodhhan

      You can call BS, but you're forgetting...

      USB isn't the only attack vector for this. If you have Windows 95 system running (help us), and go to an infected web site, you've now contracted it.

      Forest thru the trees.

    2. Anonymous Coward
      Anonymous Coward

      It says the *virus* infects program files on those operation systems. Not that you can use a pen drive on them.

    3. Mage Silver badge

      Win95

      Didn't version b of Win 95 have USB?

      I've been disabling Autorun on CDs, Network Shares and USB since they existed. I remember in 1995 wondering who had the stupid idea of Autorun. (Though maybe MS copied the idea from Amiga)

      1. Anonymous Coward
        Anonymous Coward

        Re: Win95

        Yes it did, and some times it even worked!!

        The poor PC wasn't helped by my boss saving everything to the root of C:/ though.

    4. J. Cook Silver badge
      Boffin

      Windows 98 Second Edition actually had proper USB 1.0 support.

      There was an 'OEM only' release of windows 95 (known as Windows 95 C) that had rather limited USB support.

      I still consider Windows ME the b@$tard offspring of windows 98 SE and Windows 2000- the worst of 98 SE, with the pretty pretty skin of 2000.

      1. Anonymous Coward
        Anonymous Coward

        It did, but I found I still needed the floppy disk with the driver on Win98 machines to use an external hard drive I had back in the day because Windows 98SE lacked the driver for mass storage.

        I can accept the web being an attack vector: however none of the modern browsers run on those two OSes and no one in their right mind would try using IE5.5 or earlier on the web today as not even IE6 is properly supported these days.

  14. Tom_

    "the USB"

    Good grief.

  15. Anonymous Coward
    Anonymous Coward

    Thanks O2, where's mine... oh wait might not want one now, oh wait inserts into linux system dd it clean, free storage... did anyone get one, what size are they?

    1. Alister

      I got one, it's very pretty, all shiny and blue.

      And it's 4GB storage :(

      Hardly worth infecting my network for...

      1. Antron Argaiv Silver badge
        Windows

        I have a mental image of a low-budget factory somewhere near Shenzhen, in which these pens, and thousands of similar cheap plastic advertising gimmicks are made.

        They are stuffed with even cheaper USB memory PCBs and snapped together, then placed in a basket for formatting.

        Which is done on a collection of old PCs, running Windows NT (and loaded with viruses, obviously)

        Is this the Chinese version of crapware (i.e.: deliberate infection), or is it the result of using the cheapest possible method of production, which happens to be old PCs, running unlicensed (hacked?) versions of an obsolete OS?

  16. Anonymous Coward
    Anonymous Coward

    No good deed deserves to go unpunished....

    Wow, simply wow... It's the 90's again. It's time to lock down the PC base to everything and everyone, and distrust corporations the most. There should be a fine, surely?

  17. Anonymous Coward
    Anonymous Coward

    I wonder

    if people will be remembering this in a decade, like they obsess over the Sony "Rootkit" (that wasn't a rootkit at all). This actually is far more severe, and affecting more people.

    History says not, as who remembers the Energiser USB battery charger virus....

    http://www.cnet.com/news/backdoor-found-in-energizer-duo-usb-battery-charger/

    1. AndyS

      Re: I wonder

      > if people will be remembering this in a decade, like they obsess over the Sony "Rootkit" (that wasn't a rootkit at all). [citation needed] This actually is far more severe, [citation needed] and affecting more people. [citation needed]

      Here's some citations.

      1. Root kit (yes, an actual root kit)

      2. The Sony rootkit was on product which had been paid for, it installed itself deceptively (after a yes/no dialogue which it ignored), on a massive number of computers. Sony then repeatedly denied its existence then, once they were cornered, offered deceptive, broken "removal" tools. This O2 debacle is the accidental inclusion of an outdated virus in a small run of advertising media, followed by immediate notification of at-risk people and clear instructions on what to do next.

      3. Sony distributed 22 million infected CDs.

      Now, go and find a nurse, and tell them you've forgotten to take your medication again.

      1. Mark 85

        Re: I wonder

        > Now, go and find a nurse, and tell them you've forgotten to take your medication again.

        Maybe no need to. Could be someone from Sony Marketing....

  18. Anonymous Coward
    Black Helicopters

    Was this really a mistake?

    ... or a deliberate scheme by both O2 and Microsoft to somehow force a lot of people to upgrade their operating systems? To the latest and greatest Windows 10 of course.

    Sure: this is a (somewhat silly) conspiracy theory. But how on earth did they manage to obtain such a virus which also only targets older Windows versions?

    1. Nifty Silver badge

      Re: Was this really a mistake?

      The USB stick has a Windows 10 installer on it, that IS the virus.

      1. Stoneshop
        Holmes

        Re: Was this really a mistake?

        > The USB stick has a Windows 10 installer on it, that IS the virus.

        If it's only 4G, it would be too small

        1. Anonymous Coward
          Anonymous Coward

          Re: Was this really a mistake?

          "If it's only 4G, it would be too small"

          It's a phone?

          1. Kiwi
            Coat

            Re: Was this really a mistake?

            "If it's only 4G, it would be too small"

            "It's a phone?"

            If it's from MS it'd be a phoney...

  19. Velv
    Joke

    Isn't there an old saying something along the lines of "beware of Geeks bearing gifts"...

    1. Arachnoid

      How much do Geeks Earn...?

      About 40 drachmas a week!

      1. AlbertH

        Re: How much do Geeks Earn...?

        No - The old Morecambe and Wise gag was "What's a Greek Urn?"

  20. Doctor Syntax Silver badge

    Even now someone in Microsoft marketing is working on a give-away USB device that installs Windows 10...

    Meanwhile, over at O2, proof that being detached from BT doesn't improve management.

    1. Dan 55 Silver badge

      You think being attached to Telefonica improves it?

  21. allthecoolshortnamesweretaken

    From the description it sounds a bit like it's a slightly more aggressive version of GWX.

  22. Clive Galway

    Did they actually mention WHICH virus was on the pen in the email?

    If not, woefully irresponsible.

  23. fidodogbreath
    Happy

    Dodged a bullet

    Fortunately, Windows for Workgroups appears to be unaffected.

    1. Stoneshop

      Re: Dodged a bullet

      Likewise OS/2

      (where's the cobwebs icon?)

  24. David Roberts

    Some sympathy

    If you ordered 10,000 USB sticks with a custom tacky logo from a supposedly reputable supplier, would you then employ someone to virus test every single one?

    How many people routinely test every new pen drive for viruses? O.K. perhaps you should have scanning for all removable media configured, but still......

    The real culprit is somewhere further up the supply chain, who has also managed to piss off a major customer. That is unlikely to end well.

    1. David Haworth 1

      Re: Some sympathy

      Quoth David Roberts: If you ordered 10,000 USB sticks with a custom tacky logo from a supposedly reputable supplier, would you then employ someone to virus test every single one?

      No. I'd probably create and test a single image then write the whole lot over the USB stick. Saves an awful lot of trouble, and may even be faster.

    2. Antron Argaiv Silver badge

      Re: Some sympathy

      Not sure there *are* any reputable suppliers of USB pens with tacky logos...

  25. M7S
    Joke

    Would this count as a "malicious communication" for the purposes of UK legislation

    or is that just so much static when compared to their billing?

    1. Richard 12 Silver badge

      Re: Would this count as a "malicious communication" for the purposes of UK legislation

      Incompetence rather than malice.

      Buying a few million USB sticks with pre-installed marketing tat always results in something going titsup.

      Usually the marketing guff is never pre-installed, but sometimes you get a little extra...

      1. Anonymous Coward
        Anonymous Coward

        Re: Would this count as a "malicious communication" for the purposes of UK legislation

        Yup, had that happen.

        I went to an industry event once, got a copy of the relevant literature on a free 2Gig pen drive.

        Drive was clean of viruses, but later when I copied some of my own files onto it, it broke when the data passed 512M. Got a hardware type to cut it open, sure enough it was a 512M drive hacked to report 2G and the show organisers had been ripped off.

        1. Richard 12 Silver badge

          Re: Would this count as a "malicious communication" for the purposes of UK legislation

          Hacked USB flash firmware is a very common trick.

          It's only discoverable by trying to write and read back the full reported size.

          Perhaps my favourite marketing USB stick muppetry was the metal half-shelled USB memory stick handed out by several companies a few years back.

          Those would quite easily go in upside-down, so you can guess what happened...
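
The write-then-read-back check from the fake-capacity comments above, as an added example (not part of the thread or any poster's code). `SimulatedStick` and its two failure modes are constructed stand-ins for a real device, scaled from the 512M/2G case to KiB so it runs in memory.

```python
import hashlib

BLOCK = 64 * 1024  # test granularity in bytes; sizes below are multiples of it

def pattern(index: int, seed: bytes = b"constructed-seed") -> bytes:
    """Deterministic block that depends on its index, so data that lands
    in the wrong place (or nowhere) is detectable on read-back."""
    return hashlib.shake_256(seed + index.to_bytes(8, "big")).digest(BLOCK)

class SimulatedStick:
    """Constructed model of a flash stick, not a real driver.
    mode='wrap': addresses past real_size alias onto earlier flash.
    mode='drop': writes past real_size are discarded, reads return zeros."""
    def __init__(self, reported_size, real_size, mode="wrap"):
        self.reported_size = reported_size
        self.real_size = real_size
        self.mode = mode
        self.flash = bytearray(real_size)

    def write(self, offset, data):
        if self.mode == "wrap":
            offset %= self.real_size
        elif offset >= self.real_size:
            return  # silently lost, the controller still reports success
        self.flash[offset:offset + len(data)] = data

    def read(self, offset, length):
        if self.mode == "wrap":
            offset %= self.real_size
        elif offset >= self.real_size:
            return bytes(length)
        return bytes(self.flash[offset:offset + length])

def naive_check(dev):
    """Write one block and read it straight back. An aliasing controller
    passes this, because the block just written is still intact."""
    for i in range(dev.reported_size // BLOCK):
        dev.write(i * BLOCK, pattern(i))
        if dev.read(i * BLOCK, BLOCK) != pattern(i):
            return False
    return True

def full_capacity_check(dev):
    """Fill the whole reported size first, then read everything back.
    Only blocks that survived the complete fill count as verified."""
    blocks = dev.reported_size // BLOCK
    for i in range(blocks):
        dev.write(i * BLOCK, pattern(i))
    good = [i for i in range(blocks)
            if dev.read(i * BLOCK, BLOCK) == pattern(i)]
    return {"reported": dev.reported_size,
            "verified": len(good) * BLOCK,
            "genuine": len(good) == blocks}

if __name__ == "__main__":
    KIB = 1024
    for label, stick in [
        ("honest", SimulatedStick(2048 * KIB, 2048 * KIB)),
        ("fake/wrap", SimulatedStick(2048 * KIB, 512 * KIB, "wrap")),
        ("fake/drop", SimulatedStick(2048 * KIB, 512 * KIB, "drop")),
    ]:
        print(label, "naive:", naive_check(stick), full_capacity_check(stick))
```

Against real hardware the same fill-then-verify pass overwrites everything on the stick, which is what you want for a freebie of unknown origin anyway.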

  26. John Brown (no body) Silver badge
    Windows

    "We apologise for any inconvenience"

    No, Mr/Mrs O2 PR flack. You should be apologising for the inconvenience caused. "We apologise for any inconvenience" sounds like you hope there wasn't any. You have actually inconvenienced everyone who received one of these USB sticks, not just those who got infected ones. You've also inconvenienced every company or organisation who think they may have received one.

    I wonder how many work hours and at what pay rates this has generated, and therefore tangible losses to those concerned?

    1. Doctor Syntax Silver badge

      Re: "We apologise for any inconvenience"

      All the PR boiler-plate apologies exacerbate the original offence. I can only surmise that PR is populated by those too incompetent to be employed in marketing.

  27. Anonymous Coward
    Windows

    Full Disclosure

    Who at O2 ordered the USB marketing campaign and what business carried out the mass copying of the USB pen drives?

    1. Doctor Syntax Silver badge

      Re: Full Disclosure

      "Who at O2 ordered the USB marketing campaign"

      Any marketing campaign even vaguely related to IT should be overseen by a competent IT security professional. This, of course, is the second best option. The best option is to fire marketing.

  28. anonymous boring coward Silver badge

    "If you have already and your antivirus has flagged a risk, please follow the instructions your antivirus software gives you and then remove and dispose of the USB,"

    Should I just remove the USB port, or do I also have to pry off any associated hardware from the motherboard?

  29. UncleZoot

    And the numpties at Brit O2 would be sending their tech support people out for a cleaning of the system before I found another supplier.

    Where I worked before, the USB bus was disabled other than for the keyboard and hard wired mouse.

    After it became impossible to purchase keyboards with wired mouse, we modified the OS to only recognize specific devices.

  30. Yet Another Anonymous coward Silver badge

    I'm safe

    Here Telus will send out virus infected 5.25in floppies

  31. Anonymous South African Coward Bronze badge

    Put the pen in a safe place for a few months.

    After that period of time, look for a virus removal tool for linux, download and clean the pen thusly.
