MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, criminology computing and information security in general, always from a perspective closely related to the field of intelligence.


Security "electronics" and spreading malware

Increasingly, cases are known about infections or potential infections, through electronic devices. The last known case, which I mentioned in malware preinstalled, has sparked an interesting debate that reminds me of a nice story about this issue.

At the end of a talk on Antivirus Security in which I explained how social engineering is based and how worms spread through a plain text file called Autorun.inf (not a malware simply takes this functionality to automatically execute Windows), an attendee asked me a software that was used during the talk, which I copied on a USB stick and passed it, but this person, attentive, she said no, I want to connect that memory in my computer, and you may be infected and infected my computer end. Although memory was clean, that was correct.

Well, I said, "you copying to another medium," and copied the same file on an iPod. The person was satisfied and connected the iPod to your computer without taking into account that not doing anything other than access to a storage device that is also susceptible to host malicious code.

Removable storage devices that connect through the USB port have a high percentage of effectiveness in the dissemination of malicious code, ie not just talking about USB flash drives, also speaking of iPods, mp3 players, mp4, cameras, camcorders , cell phones, digital photo frames, and any device that has interaction with the PC.

From the economic standpoint, many countries have achieved any of these devices at low cost, however, this represents an extra risk because of the limited control that is deposited in the process of manufacturing these devices, and quality control when it goes on sale and may be potential channels of infection, even through the CD that accompanies the device.

Somewhere I read a recommendation to buy products from recognized companies, however, is not a guarantee and cases such as Samsung to prove it. As you can see, nothing is safe, but if it is safe to implement mechanisms that allow us to mitigate such problems, eg active and keep updated an antivirus program.

Some history of infection during 2008 through various devices that can be highlighted are:

Not to alarm but to be careful :-)

Jorge Mieres

0 comentarios:

Post a Comment