With malicious regards
Since botnets exist, anti-viruses must be inadequate.
Or, perhaps, they’re completely useless?
A comment from an Anti-virus Times reader
Funnily enough, the above comment appeared while we were wondering whether we should once again write about things that seem to be quite obvious. So we got our answer when we read that comment.
Taiwan's CBI (Criminal Investigation Bureau) assembled 250 empty USB flash drives to be distributed as prizes during an Infosec event supported by the country's president.
CBI handed out 54 prizes to cybersecurity quiz winners. However, they all contained the malicious executable XtbSeDuA.exe.
At first, Chinese cyber espionage was regarded as the main motive, but the reality proved to be much simpler than that.
According to the Taipei Times, the drives got infected while Shawo Hwa Industries Co., a New Taipei contractor, was conducting maintenance routines “to transfer an operating system to the drives and test their storage capacity”.
Well, an incident like this one could happen anywhere. We often mention that when a malware attack commences, the anti-virus may not have all the virus definitions it needs. There was a time when one could amass an entire collection of infected CDs with a label stating that they all had been scanned by an anti-virus.
However, the malicious file in the CBI incident:
- Was created several years ago by a Polish crime ring.
- Could only infect 32-bit platforms because of its “old” age.
- Could be detected easily by most anti-viruses.
So the malicious file "resided" on the supplier's computer (or on another company's machine from which it sneaked onto the supplier’s), and no one noticed anything.
This incident is not unique.
In 2010, IBM admitted that the complimentary USB drives it handed out at the AusCERT conference on the Gold Coast, Queensland, were infected by not one, but two pieces of malware.
That's why many information security regulations and guides contain clauses like this one:
It is recommended that all removable data media undergo independent examination before they are used in the infrastructures of financial institutions to ensure that they bear no malicious code. The examination is facilitated using an operating system that must be booted up from a medium that is known to contain no malicious code.
The fact that your anti-virus is working properly doesn't mean that your friends’, contractors’ or partners’ anti-viruses are doing just as well. Therefore, we recommend that you scan all removable media before using them (and if you deal in shipments, check at least a portion of each one). And removable media are not limited to USB sticks; any removable device can be used to transfer a malicious program.
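A pre-check for drives that are supposed to ship empty, as described above, can run alongside the anti-virus scan. This is an added example, not code from the article: it lists every file on a mounted drive, flags Windows executables by their PE header rather than their extension, and records a SHA-256 for each finding. The function names, the `photo.jpg` and `readme.txt` sample files and the temporary directory standing in for a mount point are all constructed for illustration.

```python
import hashlib
import os
import struct
import tempfile

MACHINES = {0x014C: "x86 (32-bit)", 0x8664: "x64 (64-bit)"}

def pe_machine(data):
    """Return the PE machine type if data is a Windows executable, else None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew field
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 6:
        return None
    (machine,) = struct.unpack_from("<H", data, pe_off + 4)
    return MACHINES.get(machine, f"machine 0x{machine:04x}")

def audit_blank_drive(mount_point):
    """Report every file on a drive that is supposed to be empty."""
    findings = []
    for root, _dirs, files in os.walk(mount_point):
        for name in files:
            path = os.path.join(root, name)
            with open(path, "rb") as f:
                data = f.read()
            machine = pe_machine(data)  # content check, the extension is ignored
            if machine:
                reason = f"executable, {machine}"
            else:
                reason = "autorun.inf" if name.lower() == "autorun.inf" else "unexpected file"
            digest = hashlib.sha256(data).hexdigest()
            findings.append((os.path.relpath(path, mount_point), reason, digest))
    return sorted(findings)

def make_sample_drive():
    """Constructed sample: a temp directory standing in for a mounted drive."""
    drive = tempfile.mkdtemp()
    pe = bytearray(0x48)  # minimal header stub, not a real program
    pe[:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x40)
    struct.pack_into("<4sH", pe, 0x40, b"PE\0\0", 0x014C)
    for name, body in (("photo.jpg", bytes(pe)), ("readme.txt", b"constructed\n")):
        with open(os.path.join(drive, name), "wb") as f:
            f.write(body)
    return drive

if __name__ == "__main__":
    for rel, reason, digest in audit_blank_drive(make_sample_drive()):
        print(f"{reason:26} {digest[:16]}  {rel}")
```

An empty result is the only passing outcome for a blank drive; any finding means the drive should be held back and its files scanned.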