With malicious regards
Monday, July 2, 2018
Since botnets exist, anti-viruses must be inadequate.
Or, perhaps, they’re completely useless?
A comment from an Anti-virus Times reader
Funnily enough, the above comment appeared just as we were wondering whether we should once again write about things that seem quite obvious. That comment gave us our answer.
Taiwan's CBI (Criminal Investigation Bureau) assembled 250 empty USB flash drives to be distributed as prizes during an Infosec event supported by the country's president.
Of these, the CBI handed out 54 as prizes to cybersecurity quiz winners; all of them contained the malicious executable XtbSeDuA.exe.
At first, Chinese cyber espionage was regarded as the main motive, but the reality proved to be much simpler than that.
According to the Taipei Times, the drives got infected while Shawo Hwa Industries Co., a New Taipei contractor, was conducting maintenance routines “to transfer an operating system to the drives and test their storage capacity”.
Well, an incident like this one could happen anywhere. We often note that when a malware attack begins, the anti-virus may not yet have the virus definitions it needs. There was a time when one could amass an entire collection of infected CDs, each bearing a label stating that it had been scanned by an anti-virus.
However, the malicious file in the CBI incident:
- Was created several years ago by a Polish crime ring.
- Because of its “old” age, it could only infect 32-bit platforms.
- Most anti-viruses could detect it easily.
So the malicious file "resided" on the supplier's computer (or on another company's machine from which it sneaked onto the supplier’s), and no one noticed anything.
This incident is not unique.
In 2010, IBM admitted that the complimentary USB drives it handed out at the AusCERT conference on the Gold Coast, Queensland, were infected by not one, but two pieces of malware.
The German supermarket chain Aldi shipped a bunch of laptops with the old-school boot virus “Angelina” on the hard disk and sold removable hard disks with malware pre-installed on them.
That's why many information security regulations and guides contain clauses like this one:
It is recommended that all removable data media undergo independent examination before they are used in the infrastructures of financial institutions to ensure that they bear no malicious code. The examination is facilitated using an operating system that must be booted up from a medium that is known to contain no malicious code.
The Anti-virus Times recommends
If your anti-virus is working properly, that doesn't mean your friends', contractors' or partners' anti-viruses are doing just as well. Therefore, we recommend that you scan all removable media before using them (and if you deal in shipments, check at least a portion of each one). And removable media are not limited to USB sticks; any removable device can be used to transfer a malicious program.
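The "independent examination" the quoted clause calls for, and the pre-use scan recommended above, amount to inventorying what is actually on a medium before anything on it is opened. The following Python script is an added example, not Doctor Web's code or any tool from the incident: it walks a mounted medium, hashes every file, recognises PE executables by their MZ/PE signatures and reads the COFF Machine field to tell 32-bit from 64-bit builds (the CBI sample was 32-bit only), and compares hashes against a blocklist. The sample medium it builds in a temporary directory is constructed for the demonstration; the executable is a harmless header stub that merely reuses the file name from the incident, and the blocklist entry is constructed, not a real indicator.

```python
"""Pre-use examination of a removable medium (added example, not the
page's own code).  Inventories every file, hashes it, identifies PE
executables and their bitness, and checks hashes against a blocklist.
All sample files and blocklist entries below are constructed."""
import hashlib
import os
import struct
import tempfile

# COFF Machine values for the two architectures we care about here.
MACHINE_ARCH = {0x14C: "x86", 0x8664: "x64"}


def sha256_of(path):
    """SHA-256 of a file, read in chunks so large images do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def pe_info(path):
    """Return 'x86', 'x64' or 'other' for a PE file, None for anything else.
    Truncated or malformed headers are treated as 'not a PE file'."""
    with open(path, "rb") as f:
        head = f.read(0x40)
        if len(head) < 0x40 or head[:2] != b"MZ":
            return None
        pe_off = struct.unpack_from("<I", head, 0x3C)[0]  # e_lfanew
        f.seek(pe_off)
        if f.read(4) != b"PE\0\0":
            return None
        machine_bytes = f.read(2)
        if len(machine_bytes) < 2:
            return None
        machine = struct.unpack("<H", machine_bytes)[0]
    return MACHINE_ARCH.get(machine, "other")


def examine_medium(root, blocklist):
    """Walk the mounted medium and return one record per file."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            digest = sha256_of(path)
            findings.append({
                "path": os.path.relpath(path, root),
                "sha256": digest,
                "pe_arch": pe_info(path),
                "blocklisted": blocklist.get(digest),  # label or None
            })
    return findings


def flagged(findings):
    """Paths that need a closer look: any executable on a medium that was
    supposed to be empty, plus anything whose hash is on the blocklist."""
    return sorted(f["path"] for f in findings
                  if f["pe_arch"] is not None or f["blocklisted"] is not None)


def build_sample_medium(root):
    """Constructed sample medium: a 32-bit PE header stub (no code, not
    malware) named after the incident file, plus an innocuous text file.
    Returns the stub's hash so the demo can put it on a blocklist."""
    stub = bytearray(b"MZ" + b"\0" * 0x3E)          # 0x40-byte DOS header
    struct.pack_into("<I", stub, 0x3C, 0x40)         # e_lfanew -> PE header at 0x40
    stub += b"PE\0\0" + struct.pack("<H", 0x14C) + b"\0" * 18  # COFF header, Machine=I386
    os.makedirs(os.path.join(root, "docs"), exist_ok=True)
    exe_path = os.path.join(root, "XtbSeDuA.exe")
    with open(exe_path, "wb") as f:
        f.write(bytes(stub))
    with open(os.path.join(root, "docs", "readme.txt"), "w") as f:
        f.write("quiz prize\n")
    return sha256_of(exe_path)


def run_demo():
    """Build the constructed medium, examine it against a constructed
    blocklist entry, and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        bad_hash = build_sample_medium(root)
        findings = examine_medium(root, {bad_hash: "constructed blocklist entry"})
    return findings


if __name__ == "__main__":
    results = run_demo()
    for rec in results:
        print(f"{rec['path']:20} pe={rec['pe_arch']!s:5} "
              f"blocklisted={rec['blocklisted']} sha256={rec['sha256'][:16]}...")
    print("flagged:", flagged(results))
```

In practice the walk would be run from the known-clean boot environment the clause describes, with the medium mounted read-only and with execution disabled (for example `mount -o ro,noexec,nodev,nosuid` on Linux), so that inventorying the drive cannot itself run anything on it; the hash list would then be fed to whatever anti-virus or threat-intelligence lookup the organisation uses.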