Unexpected guests

With malicious regards

Since botnets exist, anti-viruses must be inadequate.
Or, perhaps, they’re completely useless?

A comment from an Anti-virus Times reader

Funnily enough, the above comment appeared while we were wondering whether we should once again write about things that seem to be quite obvious. So we got our answer when we read that comment.

Taiwan's CBI (Criminal Investigation Bureau) assembled 250 empty USB flash drives to be distributed as prizes during an Infosec event supported by the country's president.

CBI handed out 54 prizes to cybersecurity quiz winners. However, they all contained the malicious executable XtbSeDuA.exe.

https://www.securitylab.ru/blog/personal/bezmaly/344045.php

At first, Chinese cyber espionage was regarded as the main motive, but the reality proved to be much simpler than that.

According to the Taipei Times, the drives got infected while Shawo Hwa Industries Co., a New Taipei contractor, was conducting maintenance routines “to transfer an operating system to the drives and test their storage capacity”.

Well, an incident like this one could happen anywhere. We often mention that when a malware attack commences, the anti-virus may not have all the virus definitions it needs. There was a time when one could amass an entire collection of infected CDs with a label stating that they all had been scanned by an anti-virus.

However, the malicious file in the CBI incident:

  1. Was created several years ago by a Polish crime ring.
  2. Could only infect 32-bit platforms because of its “old” age.
  3. Could be detected easily by most anti-viruses.

So the malicious file "resided" on the supplier's computer (or on another company's machine from which it sneaked onto the supplier’s), and no one noticed anything.

This incident is not unique.

In 2010, IBM admitted that the complimentary USB drives it handed out at the AusCERT conference on the Gold Coast, Queensland, were infected by not one, but two pieces of malware.

The German supermarket chain Aldi shipped a bunch of laptops with the old-school boot virus “Angelina” on the hard disk and sold removable hard disks with malware pre-installed on them.

That's why many information security regulations and guides contain clauses like this one:

It is recommended that all removable data media undergo independent examination before they are used in the infrastructures of financial institutions to ensure that they bear no malicious code. The examination is facilitated using an operating system that must be booted up from media that is known to contain no malicious code.

https://www.garant.ru/products/ipo/prime/doc/70526030

#removable_media #anti-virus_scan #malware

Dr.Web recommends

If your anti-virus is working properly, that doesn't mean your friends’, contractors’ or partners’ anti-viruses are doing just as well. Therefore, we recommend that you scan all removable media before using them (and if you deal in shipments, check at least a portion of each one). And removable media is not limited to USB sticks; any removable device can be used to transfer a malicious program.
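An acceptance check for drives that are supposed to be blank, as in the CBI case, can complement the anti-virus scan: list every file found, identify Windows executables by their PE header rather than their extension, and record a SHA-256 for later lookup. This is an added example, not part of the original article or of any Dr.Web tool; the function names and sample file names are assumptions, and the sample "drive" is a constructed temporary directory holding a harmless fake PE header.

```python
import hashlib
import os
import struct
import tempfile

MACHINES = {0x014C: "x86 (32-bit)", 0x8664: "x64 (64-bit)"}  # PE Machine field values
def pe_machine(fh):
    """Return the PE machine type of an open binary file, or None if it is not a PE image."""
    head = fh.read(0x40)
    if len(head) < 0x40 or head[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)  # offset of the PE header
    fh.seek(e_lfanew)
    sig = fh.read(6)
    if len(sig) < 6 or sig[:4] != b"PE\0\0":
        return None
    return MACHINES.get(struct.unpack_from("<H", sig, 4)[0], "other")

def audit_blank_drive(mount_point):
    """Map each file on a drive expected to be empty to (pe_machine, sha256)."""
    findings = {}
    for root, _dirs, files in os.walk(mount_point):
        for name in files:
            path = os.path.join(root, name)
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                machine = pe_machine(fh)
                fh.seek(0)
                for chunk in iter(lambda: fh.read(1 << 20), b""):  # hash in 1 MiB chunks
                    digest.update(chunk)
            findings[os.path.relpath(path, mount_point)] = (machine, digest.hexdigest())
    return findings

def build_sample_drive():
    """Constructed stand-in for a mounted drive: a fake PE header named .jpg, plus a text file."""
    drive = tempfile.mkdtemp(prefix="usb_sample_")
    fake_pe = bytearray(0x48)                       # header fields only, no code
    fake_pe[:2] = b"MZ"
    struct.pack_into("<I", fake_pe, 0x3C, 0x40)     # e_lfanew -> 0x40
    fake_pe[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", fake_pe, 0x44, 0x014C)   # Machine = i386
    with open(os.path.join(drive, "prize_photo.jpg"), "wb") as fh:
        fh.write(bytes(fake_pe))
    with open(os.path.join(drive, "notes.txt"), "wb") as fh:
        fh.write(b"constructed sample text\n")
    return drive

if __name__ == "__main__":
    for path, (machine, sha256) in sorted(audit_blank_drive(build_sample_drive()).items()):
        print(f"{path}: pe={machine} sha256={sha256}")
```

Any non-empty result on a drive that was ordered blank is grounds to quarantine the batch; run the check from a system that does not auto-execute content from the media.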
