Friday, March 12, 2010

Beware the malware within

It has now been revealed that the Conficker worm infection which brought a huge part of the Waikato Health computer system to its knees was introduced by an infected USB drive plugged into a computer in the carpark.

Thanks to the previously lax way in which Windows handled newly attached devices (AutoRun would read the autorun.inf file on a removable drive and execute whatever program it named, without prompting), the infection probably took place within seconds of the drive being plugged in and without anyone being any the wiser.

Fortunately that gaping hole has been patched and, it is to be hoped, every LAN and WAN reliant on the Windows operating system has been suitably updated so that the same does not happen elsewhere. It is worth checking rather than hoping: the fix was an update that administrators had to apply deliberately, and the practical test on any given machine is whether the NoDriveTypeAutoRun policy value under HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer is set to 0xFF, which disables AutoRun for every drive type.
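To make the mechanism concrete, here is an added example (my own illustration, not code from the original post or from any of the products it mentions) that reads an autorun.inf from the root of a volume the way the old AutoRun default did, reports which file it would have launched and whether that file is actually present, and flags the two tricks that made these files hard to spot: junk bytes padded between the real directives, which Windows' tolerant INI reader simply skips, and an Action= line that mimics Explorer's own "Open folder to view files" entry so the AutoPlay prompt looks harmless. The two sample autorun.inf files and the loader.dll path are constructed for the demonstration; they are not real specimens.

```python
"""Inspect an autorun.inf from a removable volume and report what it would
have launched under the old Windows AutoRun defaults. Added illustration;
the sample autorun.inf content below is constructed, not a real specimen."""
import os
import tempfile

LAUNCH_KEYS = ("open", "shellexecute")
# The prompt text Explorer shows for an ordinary storage device; worms of
# the Conficker era set Action= to this so the AutoPlay dialog looked benign.
EXPLORER_DEFAULT_ACTION = "open folder to view files"


def parse_autorun(data: bytes) -> dict:
    """Return the [autorun] section as a lowercase key -> value dict.

    Deliberately as tolerant as Windows' INI reader: bytes that are not text
    and lines without '=' are skipped. Conficker padded its autorun.inf with
    junk bytes between the real directives for exactly this reason.
    """
    text = data.decode("latin-1")          # every byte decodes; junk is harmless
    section, entries = None, {}
    for raw in text.split("\n"):
        line = raw.strip("\r \t\x00")
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        entries[key.strip().lower()] = value.strip()
    return entries


def launch_target(command: str) -> str:
    """File AutoRun would load for an open=/shellexecute= value,
    normalised to a forward-slash path relative to the volume root."""
    tokens = command.replace('"', "").split()
    if not tokens:
        return ""
    target = tokens[0]
    if target.lower().endswith("rundll32.exe") and len(tokens) > 1:
        target = tokens[1].split(",")[0]   # rundll32 <dll>,<export>
    return target.replace("\\", "/").lstrip("./")


def assess_autorun(volume_root: str) -> dict:
    """Summarise the autorun.inf at the root of volume_root, if any."""
    path = os.path.join(volume_root, "autorun.inf")
    if not os.path.exists(path):
        return {"present": False, "launches_code": False, "targets": [], "reasons": []}
    with open(path, "rb") as fh:
        entries = parse_autorun(fh.read())
    targets, reasons = [], []
    for key in LAUNCH_KEYS:
        if key not in entries:
            continue
        target = launch_target(entries[key])
        exists = bool(target) and os.path.exists(os.path.join(volume_root, target))
        targets.append((key, target, exists))
        reasons.append(f"{key}= launches {target!r} (file present on volume: {exists})")
        if "rundll32" in entries[key].lower():
            reasons.append(f"{key}= loads a DLL through rundll32")
    if entries.get("action", "").lower() == EXPLORER_DEFAULT_ACTION:
        reasons.append("action= mimics Explorer's own 'Open folder to view files' entry")
    return {"present": True, "launches_code": bool(targets),
            "targets": targets, "reasons": reasons}


def build_sample_volumes() -> tuple:
    """Create two throwaway directories standing in for USB volume roots:
    one with a constructed Conficker-style autorun.inf plus its DLL, one with
    a harmless icon/label-only file. Returns their root paths."""
    malicious = (b"[autorun]\r\n"
                 b"\x00\xff\x13\x80\x81 junk padding Windows ignores \x02\x7f\r\n"
                 b"Action=Open folder to view files\r\n"
                 b"Icon=%systemroot%\\system32\\shell32.dll,4\r\n"
                 b"shellexecute=RunDLL32.EXE .\\setup\\loader.dll,Install\r\n"
                 b"UseAutoPlay=1\r\n")
    benign = b"[autorun]\r\nicon=drive.ico\r\nlabel=Holiday photos\r\n"
    bad_root, good_root = tempfile.mkdtemp(), tempfile.mkdtemp()
    with open(os.path.join(bad_root, "autorun.inf"), "wb") as fh:
        fh.write(malicious)
    os.makedirs(os.path.join(bad_root, "setup"))
    open(os.path.join(bad_root, "setup", "loader.dll"), "wb").close()
    with open(os.path.join(good_root, "autorun.inf"), "wb") as fh:
        fh.write(benign)
    return bad_root, good_root


if __name__ == "__main__":
    for root in build_sample_volumes():
        verdict = assess_autorun(root)
        print(root, "launches code" if verdict["launches_code"] else "harmless")
        for reason in verdict["reasons"]:
            print("  -", reason)
```

Pointed at a real mounted drive, assess_autorun only reports; it never runs the named file. The point of the exercise is that the old default did run it, and that nothing in the file format itself distinguishes a vendor's icon/label file from a worm's loader except the presence of an open= or shellexecute= directive.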

But this isn't the only bit of USB-based malware to hit the wires recently...

Elsewhere, alerts have been issued regarding the Energizer Duo USB battery charger, whose bundled Windows software was found to install a backdoor trojan alongside the legitimate charge-monitoring program. The Duo has since been withdrawn from sale. Nevertheless, hackers are rushing to find infected machines that have yet to be cleaned.

These cases are just the latest in a very long list of malware-infected USB devices that really leave you wondering why it took so long to turn off AutoRun as the default behaviour for such peripherals.

It also makes you wonder, especially given the recently reported levels of cyber-attacks originating out of China and targeting US government and corporate computer systems, whether there have been many more USB-based infections that have either not been reported or remain undetected to this day.

Why would I suggest such a thing?

Well the vast majority of USB memory drives, for example, are now made in China and it would be a simple task to "pre-infect" such a device with code designed to compromise any system into which it was inserted.

Then there are all the other USB-based devices, including MP3 players (as in the McDonald's give-away that shipped with spyware on board), LCD picture frames, LCD keyrings, cameras, etc, etc.

It would be a trivial task for a manufacturer or an employee to sneak malware into such devices and indeed, the list of infected products is already a long one. In each case the manufacturers claim no malice or ulterior motive and put the problem down to bad employee practice.

This "inbuilt malware" issue will probably not go away, especially as our reliance on components manufactured in countries of questionable political compatibility grows.

Even the humble BIOS is now a potential hiding place for malware, thanks to the switch to flash memory that can be rewritten after the machine has left the factory.

In short, it may not be possible to guarantee that the brand-new, virgin PC or peripheral you buy tomorrow isn't already carrying a malware payload. This means the installation, disciplined updating and consistent use of anti-virus software is now more important than ever before.

However, even AV software isn't infallible, and one must always bear in mind that, no matter what the system or operating environment, there is always a degree of risk associated with committing any valuable or sensitive data to a networked computer.
