Want drive with preinstalled virus?14/11/2007 Written by minor
If you plan to upgrade your computer or just buying some spare parts, you should be careful. As Taipei Times informed, some Maxtor portable hard disks come with “virus preinstalled”.
In Thailand produced drives carried two files that help trojans get into the system: autorun.inf and ghost.inf. Trojans then upload data such as logins and other interesting informations to www.nice8.org and www.we168.org.
It is not the first time, when devices come with viruses. Two years ago Sony BMG released discs with DRM acting like a rootkit. And in September German chain sold laptops with “Stoned.Angelina”, really old virus that was first time seen in 1994.
Of course in corporate environment are often used special methods for deploying new machines, where repartitioning is done by deploying OS, or they are already delivered with disc images provided before to vendors. But such portable devices are often bought individually by users, that have no idea about how to handle such devices before connecting.
Kai Roer in his blog posted few useful notes:
- never trust ANY hardware you bring into your perimeter
- ALWAYS check EVERYTHING you install in your systems and network — in a safe environment. For hard drives, that means testing, low-level formating and signing them off in a secure, non-connected environment. You do have that, right?
- as security gets tighter, threats evolve and finds other ways to get to you. It is a long time since boot-virus traveled by floppies. But if slow distribution is the easiest, most cost efficient way to hit you, that is how it will be done.
- targeted attacks are increasingly common. We are leaving the days where the goal was to hit as many as possible. The goal today is cash — not attention.
In fact all these things we should keep in mind, but to be honest do we? Often in corporate environment you can see that nothing above mentioned is considered. Moreover, precisely planed and launched targeted attack on single person or group, that doesn’t concern about security, can cause real disaster even if the best policies are applied, because the most vulnerable point is between keyboard and seat.