August 26, 2008
| Tech Talk |
The Rise of Digital Storage Malware

The embedded malware can literally be inserted at any point during this process. Take into consideration any of the following scenarios:

1. A malicious company decides to embed the malware at the product design and development level, programming it directly into the software install process of the device. Since the entire company is corrupt, the Quality Assurance of the product is completely dismissed and the company sells the trojanized product on the internet or to various resellers. As the products begin infecting users, the company disappears and sells the locations of the infected machines to other malicious users.

2. A malicious internal employee working in the QA process or in the packaging stage decides to infect several products after they are scanned. They switch out clean devices with infected devices, and the products are shipped out and eventually arrive on store shelves.

3. A customer buys a product and intentionally or accidentally infects the device via their home or work computer. Dissatisfied with the product in one way or another, the customer returns the product, complete with packaging, to the store. The retail store decides to sell the product at a discount (such as an open-box deal), and a new customer purchases the infected device.

4. A reseller purchases bulk unsold devices from another company and decides to rebrand the item. These devices are (accidentally) infected by an internal machine during the reimaging of the installation software, and this slips by the QA process. These infected products are resold on the market and in turn infect customers.

Although these scenarios represent only a few possibilities for how these devices were infected, the real situation is that this problem is not going away. Recently it appears these attacks are back on the rise, with digital photo frames and memory sticks reportedly being infected once again.

As the holiday season gets closer and closer, consumers, suppliers and IT administrators should prepare for these types of attacks. Consider the following mitigation and threat assessments for your home or company:

As a consumer:

How often do you purchase PC peripherals that connect to your home or work computer? – This includes any of the following devices: USB thumb or jump drives, cell phones, memory cards or sticks, web cameras, handheld video game units, digital photo devices, GPS units, USB-powered cubicle toys, USB or FireWire wireless adaptors, MP3 or portable media players. The more of these items you purchase, the more likely you are to encounter an infected device. Keep in mind these devices were purchased from a wide range of vendors and retailers, including very popular and trusted brands.

Does the connecting computer have updated peripheral-scanning Anti-Virus Software? – Virus scanners are the first line of defense for most users, and many of them support automatically scanning devices as they are plugged in. If you are unsure whether your AV software supports these features, consult your product documentation and confirm you are up to date with the latest signature definitions and updates.

Does your computer have Autoplay and Autorun.INF features disabled? – Most malware that hitches a ride on PC peripherals attempts to exploit the Autoplay or Autorun features within Microsoft Windows. These functions can be disabled through the use of tools or registry modifications, which reduces the risk of malicious software automatically compromising your machine.

As an IT Administrator, in addition to the above strategies:

How are you securing USB devices? – Do you regulate what users can or cannot connect to their machines using 3rd party software? You can disable USB devices via group policies, or you can use 3rd party software like MyUSBOnly or Sanctuary Device Control to allow only certain USB devices to be connected. This will force USB devices to be brought to you for inspection before users install them, which ultimately allows you to scan them before malware can slip onto your network.

Manufacturers and Retail Businesses:

Is it time to re-evaluate your Product Return and QA Policies? – Are returned products currently being wiped clean and scanned for viruses prior to resale? This should be performed on every device that can store data in order to protect your past and future customers. Also ensure that your Anti-Virus Software is fully updated when you are scanning these devices during QA procedures.

By following the above strategies, users and administrators alike will be able to identify and mitigate potentially harmful scenarios that could be introduced by these portable malware devices. Implementing these strategies sooner will also help ease users into becoming more aware of these threats and adapting to heightened security policies in time to be safe for the holiday season of 2008.

Source: Greg Linares, Research Engineer
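As an added example (not part of the original article or any eEye tool), the inspection step described above can include listing what a device's Autorun.INF would ask Windows to launch. The function name, sample file contents and file names below are constructed for illustration.

```python
"""Audit an autorun.inf file from a removable device before the device is trusted."""
import sys

# [autorun] keys whose value is a command Windows may launch from the device.
LAUNCH_KEYS = ("open", "shellexecute")

def audit_autorun(text):
    """Return (key, command) pairs from the [autorun] section that start a program.

    Section and key names are matched case-insensitively, and lines that are
    not 'key=value' are skipped, so junk padding does not hide real entries.
    """
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # shell\<verb>\command entries add a right-click menu item that runs a program.
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if value and (key in LAUNCH_KEYS or is_verb):
            findings.append((key, value))
    return findings

# Constructed sample: junk padding, mixed case, and three launch entries.
SAMPLE = """\
;xJ3kd9 padding
[AutoRun]
qweoiuqwe
OPEN=setup_helper.exe /s
icon=frame.ico
shell\\explore\\Command = setup_helper.exe
ShellExecute=readme.htm
[Content]
open=ignored.exe
"""

if __name__ == "__main__":
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    for key, command in audit_autorun(text):
        print(f"{key}: {command}")
```

Run it against the file on an inspection machine that already has Autorun disabled; an empty result means the file declares no launch entries, not that the device is clean.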
| News & Articles |
| The following articles represent the opinions of their respective authors. They do not necessarily represent the opinions of eEye Digital Security. SC Magazine: Group Test- Vulnerability Assessment Blink 4.0 Video Review What is the best Antivirus Software for Vista 2008 CRN Emerging Vendors: Creating A Ruckus |
| Reader Q&A |
Q: What is the likelihood that the black-list will be replaced by the white-list in the near future? |
| Announcements |
eEye Receives top Rating and Earns ‘Best Buy’ Title in Security Product Shoot-Out
eEye To Offer 25% Discount Channel Conversion Incentive to Entice Symantec Partners
eEye Rises to “Positive” in Key Analyst Ranking by Gartner
eEye Digital Security Named a CRN Emerging Tech Vendor
| Etcetera |
Stay Up-to-Date with eEye Research Vulnerability Expert Forums |