Sometimes when you buy a computer you get more than you bargained for. Such was the case when Kaspersky Lab purchased an M&A Companion Touch netbook.
Bundled along with the device were three pieces of malware: Worm.Win32.AutoRun.aayn, Rootkit.Win32.Agent.hwq and Packed.Win32.Krap.g. After some analysis, researchers concluded the files had been present since February, long before the security company bought the netbook.
“What I managed to track back by looking at restore points: the oldest appearance of the malware on the system was in a restore point that was created when some drivers were installed,” said Roel Schouwenberg, senior anti-virus researcher at Kaspersky. “I therefore assume that, because netbooks don’t have optical drives, a USB stick was used to get the drivers onto the machine.”
Kaspersky officials purchased the machine to run compatibility tests for their security software. What they got in addition was surprising, but not unheard of.
“What we normally see is that devices such as MP3 players are infected with ‘AutoRun’ malware,” Schouwenberg said. “They get infected by infected testing machines at the factories. To see this kind of situation where the actual OS is infected is quite rare.”
The only other example that springs to mind is when ASUS delivered an install CD a couple of months ago with one of its products with a backdoor Trojan in tow, he added. But in a number of cases, the infection may never get traced back to the new device.
“A lot of it is just pirated [hardware] and software, like phony Cisco routers, but increasingly, as the U.S. isn’t the center of the IT supply chain anymore, malware or built-in dangerous add-ons are becoming an issue,” Gartner analyst John Pescatore said. “Back when Microsoft coders would build Easter eggs into Excel, it seemed cute, but when it happens in IT coming from China, it’s not so funny anymore.”
This time, the situation was hardly dire: the malware in question is designed to steal passwords for online games such as Lord of the Rings. The implications, however, are clear: you can’t always trust that new equals safe. Perform an offline scan with an up-to-date security solution to be sure.