Eee ships with malware

Johannesburg, 10 Oct 2008

This week, Asus confirmed that some of the Asus Eee Boxes have accidentally been shipped with a piece of Windows-based malware pre-installed.

The Asus Eee Box is the company's new slimline desktop PC, in the style of the Mac Mini that Apple came out with a few years ago.

“It's not clear at the moment whether all Asus Eee devices are affected or just a percentage. If it's all, then clearly the image that Asus is putting onto their hard drives has not been properly audited - but if only some are infected then it's possible that this was an issue introduced at quality control,” explains Brett Myroff, CEO of regional Sophos distributor, Sophos SA.

He says it is also possible that a percentage of Asus Eee Boxes were tested on the conveyor belt for quality control reasons, using an infected USB stick.

Got the t-shirt

Asus is not the first vendor to have suffered from the problem of shipping malware. Last year, TomTom SatNav devices were found to be harbouring malware.

In October 2006 it was discovered that some Apple video iPods had shipped with the Troj/Bdoor-DIJ Trojan horse, and that the Japanese subsidiary of McDonald's was recalling 10 000 MP3 players after discovering that a spyware Trojan horse was contained on the devices.

“Any new storage device that is attached to a computer should be checked for virus and other malware before use. Floppy disks, CD ROMs, USB keys, external hard drives and other devices are all capable of carrying malicious code, which could infect the computers of innocent users,” Myroff says.

Anyone who pays close attention to the security headlines will be only too aware of the major security incident that hit major retailers, such as TJ Maxx having millions of credit card details stolen from them, he adds.

As Sophos has reported, hackers were accused of breaking into the stores' wireless networks to snatch the confidential information as it was transmitted across the air.

Child's play

The Payment Card Industry (PCI) Security Standards Council has announced some changes to the data security standard that companies are advised to follow to reach a minimum level of protection of their customers' credit card information.

One of those amendments underlines the importance of no longer relying on WEP encryption to hide the critical data from the prying eyes of hackers, and instead using a stronger encryption standard such as WiFi Protected Access (WPA and WPA2).

“TJ Maxx and others are believed to have been encrypting their credit card transmissions, but using the weaker WEP technology, which is frankly child's play for hackers to break,” Myroff adds.

Also in the limelight are Axel Gembe and Lee Graham Walker, who were indicted by a grand jury in Los Angeles, California, on counts of conspiracy and intentionally damaging a computer system. If found guilty, they could face up to 15 years in prison.

Gembe and Walker are alleged to have been hired by Jay Echouafni, the owner of a Massachusetts-based satellite TV systems company, to launch DDOS attacks against business rivals. According to legal documents, one of the affected companies suffered $200 000 worth of damages as a result of having their Web site blasted off the Internet.

Gembe is the hacker who broke into the internal network of games developer Valve, and stole the source code of Half-Life 2 in September 2003.


Editorial contacts