
Malware Found On Brand-New Windows Netbook

Posted by kdawson
from the be-careful-out-there dept.
An anonymous reader alerts us to an interesting development that Kaspersky Labs stumbled across. They purchased a new M&A Companion Touch netbook in order to test a new anti-virus product targeted at the netbook segment, and discovered three pieces of malware on the factory-sealed netbook. A little sleuthing turned up the likely infection scenario — at the factory, someone was updating Intel drivers using a USB flash drive that was infected with a variant of the AutoRun worm. "Installed along with the worm was a rootkit and a password stealer that harvests log-in credentials for online games such as World of Warcraft. ... To ensure that a new PC is malware-free, [Kaspersky] recommended that before users connect the machine to the Internet, they install security software, update it by retrieving the latest definition file on another computer, and transferring that update to the new system, then running a full antivirus scan."
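
The infection path in the summary was an AutoRun worm carried on a USB flash drive, so one check worth running on any stick before it touches a clean machine is whether its autorun.inf asks Windows to launch a program. The following is an added example, not part of the original post or of Kaspersky's tooling; the function name and both sample files are constructed for illustration.

```python
import re

# autorun.inf keys under [autorun] that make Windows launch a program
# from the media; labels and icons are harmless on their own.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)
SECTION = re.compile(r"^\[\s*([^\]]+?)\s*\]$")


def launch_entries(text):
    """Return (key, command) pairs in [autorun] that start a program.

    Tolerates lines that are not key=value (junk padding, comments),
    since a strict INI parser would reject the whole file on them.
    """
    found, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            in_autorun = m.group(1).lower() == "autorun"
            continue
        if not in_autorun or line.startswith(";") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        k = key.lower()
        if value and (k in LAUNCH_KEYS or SHELL_CMD.match(k)):
            found.append((k, value))
    return found


# Constructed samples, not taken from the incident described above.
BENIGN = "[autorun]\nlabel=Driver Disk\nicon=setup.ico\n"
SUSPECT = (
    "xk39s junk padding\n"
    "[AutoRun]\n"
    ";zzzz\n"
    "OPEN = tools\\update.exe\n"
    "shell\\open\\Command=tools\\update.exe\n"
    "label=Drivers\n"
)

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("suspect", SUSPECT)):
        hits = launch_entries(sample)
        print(name, "REVIEW" if hits else "ok", hits)
```

A hit only means the media wants to start something automatically; the referenced file still has to be scanned from a known-good system.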

  • Ha ha. (Score:5, Insightful)

    by yourassOA (1546173) on Saturday May 23, 2009 @05:12PM (#28069635)
    Doesn't seem like an accident.
  • Pffft (Score:3, Insightful)

    by BobReturns (1424847) on Saturday May 23, 2009 @05:13PM (#28069641)
    Yes, because any average Joe user is capable of utilising that 'solution'.
    • by Jurily (900488)

      Yes, because any average Joe user is capable of utilising that 'solution'.

      The first thing I did with my laptop was to reinstall Vista with the DVD that came with it. Is there a way to get malware from there or the driver disk?

      • by Bigjeff5 (1143585)

        Actually yeah, the new OEM deployment tools that are available to them, plus the paradigm shift in Vista's base install method, allow them to give you a Vista re-install disk that has all of their bloatware and intentional/unintentional malware already on it.

        In most cases, I don't see it happening, as they probably won't make anything off the re-install whether it has the bloat/malware or not. Not yet anyway.

      • Re: (Score:3, Insightful)

        The first thing I did with my laptop was to reinstall Vista with the DVD that came with it. Is there a way to get malware from there or the driver disk?

        Replace "Vista" with Ubuntu/Red Hat/SuSE/Debian and you should be fine :P More seriously, why hasn't Microsoft made a package manager+repositories yet? It is absurd that people and companies have to verify that drivers and (basic) applications are clean. The problem is a problem that already has a proven solution: signed packages from a large repository. Signed to guard against tampering after the repository. Large, so that any foul play is discovered quickly. Heck, I'm sure that you could port apt+dpkg or

  • Right..... (Score:5, Insightful)

    by phantomfive (622387) on Saturday May 23, 2009 @05:14PM (#28069645) Journal

    To ensure that a new PC is malware-free, [Kaspersky] recommended that before users connect the machine to the Internet, they install security software, update it by retrieving the latest definition file on another computer, and transferring that update to the new system, then running a full antivirus scan

    And people say Linux is user unfriendly? I never use Windows to visit banking/credit card/money websites, and I advise all my friends to do the same.

  • Who watches the... (Score:5, Insightful)

    by yerktoader (413167) on Saturday May 23, 2009 @05:14PM (#28069649) Homepage
    But trusting another computer depends on knowing it's clean of malware. I'd think it a better bet for Kaspersky to offer bootable thumb drives with a slim OS and their software, allowing users to scan any machine with a known good device.
    • by ms1234 (211056)

      That's why Windows never even got a chance to start on my netbook, installed Fedora right away. Now I have a useless sticker at the bottom that says I'm a proud Windows license owner...

    • Are there any anti-virus products that still do this? Norton used to offer a bootable CD to run a scan for Windows9x, but it couldn't use the latest definitions and it has since been discontinued.
      How is ClamAV at doing offline scans of a Windows box?
    • by Len (89493) on Saturday May 23, 2009 @05:50PM (#28069917)
      Devices with any OS can come with malware. Even iPods [sophos.com] and picture frames [securityfocus.com] have been shipped with malware pre-installed. There's nothing magic about Linux, other than its ability to suppress the geek skepticism reflex.
      • But what of OSes without devices, such as a typical Linux DVD?

      • Even iPods [...] have been shipped with malware pre-installed.

        As the iPod marketing campaign leader*, I have to take offense.

        The iPod doesn't ship with "mal"ware. It ships with a friendly software agent which makes sure the musicians and artists get paid what they deserve. You love art, don't you? You don't want the artists to starve, do you?

        You call it malware. We call it Delivering Revenue to Musicians, or "DRM" for short.

        (* statistics and benchmarks were in short supply, so I lied a little instead.)

  • Or... (Score:5, Informative)

    by Kythe (4779) on Saturday May 23, 2009 @05:15PM (#28069661)

    You could always reformat the darned thing from scratch using a known-good version of whatever OS you're going to be using.

    Honestly, ever since Vista became the de-facto OS shipped with new computers, I've been doing that, anyway.

    • Re:Or... (Score:5, Insightful)

      by yerktoader (413167) on Saturday May 23, 2009 @05:17PM (#28069681) Homepage
      You know, I always thought it would be a good idea to ship PCs without the OS loaded. If the end user had to set up the OS it would force them to learn the basics... But that's why I'm an ex-tech support asshole I guess.
      • Re: (Score:2, Funny)

        by Anarchduke (1551707)
        I like that idea. Of course, I like it because I could charge those people to install their operating system for them at 60 bucks an hour.
    • by mikael (484)

      Better still, keep the original hard disk drive, and buy a new one for your OS and data files. If you want to sell it to trade up or send it in for repair, you can restore the old disk drive without any problems about warranty or data loss.

  • by JK_Huysmans (1561025) on Saturday May 23, 2009 @05:16PM (#28069667)
    Oh, how I love Kaspersky's constant press releases.

    "OMG Virus! Buy our product!"

    All they seem capable of for marketing is different stunts related to finding viruses in weird places. Come on. Seriously.
    • I'd be more alarmed if they gave equal press to sky-diving accidents or deep sea diving developments.
    • by Ilgaz (86384) on Saturday May 23, 2009 @05:32PM (#28069789) Homepage

      As I don't use Windows, AV company security blogs tell me a lot about the security scene after I filter the PR.

      Also Kaspersky never says ''buy our product'', they don't need such stupid stunts. A person who buys one of those cheapo TW netbooks won't likely afford their product either. They say ''a security product'' without mentioning any brand while they have the right to advertise their own.

      Once upon a time, computer vendors (including Taiwanese) were decent enough to run a god damn antivirus (standard was 3 of them) before shipping the computer. I guess they are targeting old timers reminding them it is not the case anymore.

  • by TinBromide (921574) on Saturday May 23, 2009 @05:17PM (#28069675)

    they install security software, update it by retrieving the latest definition file on another computer, and transferring that update to the new system, then running a full antivirus scan.

    Just be sure to scan the thumb drive so you're not infecting it!

    • Instead of a thumb drive, I carry a SD card and usb reader combo. The SD card has a write enable switch. Works 100% of the time on foreign untrusted systems.

  • by Anonymous Coward on Saturday May 23, 2009 @05:17PM (#28069685)

    I kind of figured that computer manufacturers had hard drive arrays to clone a pre-made installation. Pull each drive off the rack, put it in the computer, and make sure it boots, then box it.

    They're really installing drivers by having some schmuck walk around with a USB stick?

    • Re: (Score:3, Insightful)

      by msobkow (48369)

      You're right about using drive images. However, when I was responsible for rolling out lease-return machines, we were re-imaging the systems from install CDs, rather than using "hard drive arrays." It's far easier to pop an auto-installing CD into the tray than it is to remove the hard drive, install it in an array, re-image it, then re-install it back into the PC.

      It's not a very painful process -- about all you had to do was click "Ok" after the imaging CD booted and asked you if you were sure you wan

    • > They're really installing drivers by having some schmuck walk around with a USB stick?

      I suspect that a driver update came out after the machines had been imaged but before they shipped and somebody decided the update was critical. Or perhaps a new image incorporating the new driver was going to take a few days to get through engineering and QC and manufacturing couldn't wait (they never can) and so they came up with the USB stick trick (poorly thought out, as is usual for manufacturing's ad hoc soluti

    • I wouldn't be surprised. In China, labor is far cheaper than any automation. In addition, this is the sort of crap-ass quality problems that Chinese products typically have.
  • by clang_jangle (975789) on Saturday May 23, 2009 @05:20PM (#28069713) Journal
    I'm so glad to see this innovative feature finally being boldly embraced by an OEM. Until now, it's been sheer drudgery, waiting the twelve minutes or so it takes to get a new Windows install infected just felt like forEVar!
  • Would somebody out there please explain why AutoRun was ever considered a Good Idea? I know that before I got rid of Windows and went Linux only, one of the first things I'd do on a new computer was disable it.
  • 3? (Score:5, Funny)

    by Anonymous Coward on Saturday May 23, 2009 @05:38PM (#28069835)

    Autorun worm, Windows... that's only 2... where is the third malware item?

  • Obligatory... (Score:3, Informative)

    by npoczynek (1259228) on Saturday May 23, 2009 @05:41PM (#28069863)
    Wouldn't have happened if they had ordered that netbook with Linux pre-installed!
    • Re: (Score:3, Informative)

      I don't know of any Linux distro that has auto-run, so it's pretty unlikely that that would happen
  • Malware Found On Brand-New Windows Netbook

    You repeat yourself.

  • Why is this news? Don't we expect Windows to be found on any brand new Windows netbook?

  • Uh, what the... ? (Score:3, Interesting)

    by c (8461) <beauregardcp@gmail.com> on Saturday May 23, 2009 @06:06PM (#28070023)

    "transferring that update to the new system, then running a full antivirus scan."

    I guess I've been out of the Microsoft ecosystem for a long, long time... is it now common practice to run AV scans in a probably compromised environment? Or are malware authors so lazy these days that they can't even bother to write code which breaks any installed AV software?

    c.

  • by Provocateur (133110) on Saturday May 23, 2009 @06:17PM (#28070089) Homepage

    so I am returning mine. Why do THEY get all the good stuff?? You mean I have to go ONLINE and download this 'malware' myself?? And they get 3 out of the box!

    DON'T even THINK about making me pay for shipping the return!!

  • by billcopc (196330) <vrillco@yahoo.com> on Saturday May 23, 2009 @06:29PM (#28070171) Homepage

    Kaspersky releases "news" article about their virus scanner saving the day, while casting doubt on all PC vendors. Solution: Buy our shit!

    I don't care whether it's malware, weapons of mass destruction, or kiddie porn. It's all baseless fear-mongering to push corporate or political influence, in the end it's all just money.

    What they of course fail to highlight is the fact that the solution is neither effective nor guaranteed to work. Kaspersky's scanner, like any scanner, cannot catch all malware, just like Bush couldn't (wouldn't?) catch OBL. Perhaps worse is the high rate of false positives, such as when your virus scanner mistakenly recognizes a Linux ISO as a boot sector virus, or your Republican mistakenly recognizes a Linux hacker as an Islamic terrorist. Bullshit all around!

    • by artor3 (1344997)

      Is there a corollary to Godwin's Law for comparing people to Bush? 'Cause finding malware on a Windows computer is a hell of a lot more likely than finding WMDs in Iraq.

  • ...wipe it and install a new OS. There are several available. They are quite inexpensive. In fact, they are Free.

    • by Culture20 (968837)
      Or at least take out the drive and scan it as an external drive in a known-good computer. Kaspersky's recommendation of using a scanner on the local OS is silly.
  • When purchasing a new computer, wipe the drive. This has the added bonus of getting rid of bundleware, too, and sets it up nice for Linux! Well you can install Windows if you really want to. If your computer didn't come with an original Windows install disc, download and burn one (thanks bittorrent!). Hey, you bought Windows anyway with the computer, might as well get what you paid for.
  • by Animats (122034) on Sunday May 24, 2009 @12:31AM (#28072069) Homepage

    Recall Alert
    U.S. Consumer Product Safety Commission
    Office of Information and Public Affairs
    Washington, DC 20207
    May 23, 2009
    Alert #09-993
    M&A Companion Touch
    The following product safety recall was voluntarily conducted by the firm in cooperation with the CPSC. Consumers should stop using the product immediately unless otherwise instructed.
    Name of Product: "Companion Touch" notebook computer
    Units: About 9,000
    Distributor: M&A

    Hazard: The laptop computer may have pre-installed hostile software (a "virus" or "worm") which could result in the unauthorized transmission of private user data, including bank account numbers and passwords, to a remote site.
    Incidents/Injuries: None reported.

    Remedy: Immediately stop using the device and return it to the point of sale for replacement. If bank account or credit card information has at any time been stored on the device, contact your bank and credit card providers to check for fraud and identity theft.

    If computer security is to be taken seriously, such actions are essential.
