Saturday, January 31, 2009

Electronic security and spread of malware

A growing number of cases is known about infections or potential infections, through electronic devices. The last known case, which I commented on malware preinstalled (in Spanish), has sparked an interesting discussion that reminds me of a nice story on this topic.

After a talk on Antivirus Security in which I explained in what is Social Engineering and how worms spread through a text file named Autorun.inf (not a malware simply takes the functionality of automatic execution of Windows), one of the attendees asked me one of the programs that were used during the talk, which I copied it into a USB stick and the pass, but this person, attentive, I said no, I don't want to connect that memory because my computer may be infected and infected my computer will end. Although the report was clean, that was correct.

Well, I said, "I copy on another medium," and copied the same file on an iPod. The person was in line and connects the iPod to your computer without taking into account that not doing anything other than access to a storage device that is also likely to host malicious code.

The removable storage devices that connect via USB with a high rate of effectiveness in the dissemination of malicious code, ie not just speaking about USB, speaking of iPods, mp3 players, mp4, cameras, camcorders , cell phones, digital photo frames, and any device that has interaction with the PC.

From the economic point of view, many countries get any of these devices at low cost, however, this represents an extra risk due to little control that is deposited in the manufacturing process of these devices, and quality control when it goes on sale and may be potential channels of infection, even through the CD that accompanies the device.

Somewhere I read the recommendation to purchase products from renowned companies, however, isn't a guarantee and, in cases such as Samsung will demonstrate this. As you can see, absolutely nothing is certain, but if it's safe to implement mechanisms that allow us to mitigate such problems, eg maintain an active and updated antivirus program.

Some history of infection during 2008 through various devices that can be highlighted are:

Samsung SPF-85H 8-Inch Digital Photo Frame
Mercury 1.5" Digital Photo Frame
Hewlett-Packard USB Drives 256K / 1GB
Insignia 10.4" NS-DPF10A Digital Photo Frame

Not to panic, but to be careful :-)

# Jorge Mieres

No comments: