Hopefully if you are using your computer as a public web server, you won't be inserting random USB devices into it.
Brit network O2 hands out free Windows virus with USB pens
A marketing campaign by O2 that sent customers USB-embedded pens backfired last week – after it transpired a number of devices contained a "Windows-specific virus." The UK cellphone network sent out the USB pens to its business customers followed by a marketing email encouraging them to download a free eBook. That was then …
COMMENTS
-
Monday 8th August 2016 12:21 GMT Dwarf
Re: We need a double facepalm icon.
You mean like D'oh D'oh or even D'oh, D'oh, D'oh ?
Even though this is O2's fault as the supplier, if the last decade's guidance on good information security had any benefit at all to end users, then they should know about the need for up-to-date AV and not shoving free things into the computer without considering where it's been and the associated risks and countermeasures to reduce those risks.
You have to wonder what would happen if someone turned up at their front door with free doughnuts, I bet they would take those as well.
When will people learn.
-
Monday 8th August 2016 13:26 GMT Haku
Re: We need a double facepalm icon.
"When will people learn."
In a lot of cases, never.
But then there are instances that even take the most cautious by surprise, like you'd never expect a commercially pressed audio CD to root your computer.
-
Monday 8th August 2016 16:37 GMT DoctorNine
Re: We need a double facepalm icon.
Staking the enterprise security structure on network users learning good computer habits is like staking your own personal hygiene on users of a public washroom learning good sanitary habits. I guess you COULD, but most of us are a bit more risk averse.
-
Monday 8th August 2016 12:11 GMT m0rt
"He said: "For any customers that have already used the USB or are concerned, we have a specialist team on hand to support them and guide them through any action they may need to take. We apologise for any inconvenience." ®"
Oh really? A specialist team? So where were this specialist team when some ****head thought you should send out USB sticks as a marketing exercise?
-
Monday 8th August 2016 13:48 GMT MyffyW
Re: A spokesman said:
Was there really only one thing they didn't want to happen? That's comforting.
Customer: Your sales staff have turned into flesh-eating zombies.
O2: That's fine.
Customer: Your mobile signal reprogrammed my DNA and now I'm a Salamander-like being and Lt Tom Paris is getting amorous.
O2: That's fine, Captain Janeway.
Customer: I got a virus off your freebie pen.
O2: "This is the one thing we didn't want to happen."
-
Saturday 20th August 2016 12:04 GMT Kiwi
Re: A spokesman said @MyffyW
@Phil_W and @d3vy ... one of those episodes where you don't just have to suspend your disbelief, but wrestle it to the floor and tickle it into submission.
I think that was about the last episode of ST:V I ever watched. Actually wondering if I should try again.
Now if you want a truly terrible SciFi experience, one that could put you off SciFi for the rest of your life, watch DS9 in the shortest time possible. If you can.
(#B5Fan... :) )
-
Monday 8th August 2016 16:05 GMT Stuart Castle
Re: Windows NT???
Not necessarily. NT had plenty of security holes that could be exploited via an unsecured network share. All it would take is for one newer machine on the network (running a recent version of Windows) to become infected when someone plugs in a USB, then the virus could start scanning other machines on the local network for unsecured shares (or even secured ones if it can exploit a vulnerability in SMB), then using a vulnerability in NT's RPC (Remote Procedure Call) subsystem to copy itself to another machine, then install itself on that machine. All with no user intervention.
Remember, newer versions of Windows lock down pretty much everything network wise until it is needed. NT did the total opposite.
-
Monday 8th August 2016 13:01 GMT Anonymous Coward
The virus infects program files and web files on computers running the following systems: Windows 2000, Windows 95, Windows 98, Windows ME, Windows NT, Windows Server 2003, Windows Vista, Windows XP.
Errm yeah, I call BS on those two as they predate USB. NT4 didn't have any kind of hot-plug ability in my experience: maybe there was a beta somewhere but I seem to recall the closest it got to supporting hot-pluggable hardware was PCMCIA and even then you had to shut down before inserting or ejecting cards.
Been there, done that.
As for Windows 95, well there was a supplement that added USB support. Last time I tried it, it didn't support USB storage, and in fact even Windows 98 needed a separate driver installed. Windows ME was the first of that line of OSes to ship with USB storage support and I find it incredible they'd bother supporting anything DOS-based.
Strikingly absent are Windows 7, 8 and 10.
-
Monday 8th August 2016 21:50 GMT J. Cook
Windows 98 Second Edition actually had proper USB 1.0 support.
There was an 'OEM only' release of Windows 95 (known as Windows 95 C) that had rather limited USB support.
I still consider Windows ME the b@$tard offspring of Windows 98 SE and Windows 2000 - the worst of 98 SE, with the pretty pretty skin of 2000.
-
Monday 8th August 2016 22:26 GMT Anonymous Coward
It did, but I found I still needed the floppy disk with the driver on Win98 machines to use an external hard drive I had back in the day because Windows 98SE lacked the driver for mass storage.
I can accept the web being an attack vector: however none of the modern browsers run on those two OSes and no one in their right mind would try using IE5.5 or earlier on the web today as not even IE6 is properly supported these days.
-
Tuesday 9th August 2016 13:17 GMT Antron Argaiv
I have a mental image of a low-budget factory somewhere near Shenzhen, in which these pens, and thousands of similar cheap plastic advertising gimmicks are made.
They are stuffed with even cheaper USB memory PCBs and snapped together, then placed in a basket for formatting.
Which is done on a collection of old PCs, running Windows NT (and loaded with viruses, obviously).
Is this the Chinese version of crapware (i.e.: deliberate infection), or is it the result of using the cheapest possible method of production, which happens to be old PCs, running unlicensed (hacked?) versions of an obsolete OS?
-
Monday 8th August 2016 13:37 GMT Anonymous Coward
I wonder
if people will be remembering this in a decade, like they obsess over the Sony "Rootkit" (that wasn't a rootkit at all). This actually is far more severe, and affecting more people.
History says not, as who remembers the Energizer USB battery charger virus....
http://www.cnet.com/news/backdoor-found-in-energizer-duo-usb-battery-charger/
-
Monday 8th August 2016 13:56 GMT AndyS
Re: I wonder
> if people will be remembering this in a decade, like they obsess over the Sony "Rootkit" (that wasn't a rootkit at all). [citation needed] This actually is far more severe, [citation needed] and affecting more people. [citation needed]
Here are some citations.
1. Root kit (yes, an actual root kit)
2. The Sony rootkit was on product which had been paid for, it installed itself deceptively (after a yes/no dialogue which it ignored), on a massive number of computers. Sony then repeatedly denied its existence then, once they were cornered, offered deceptive, broken "removal" tools. This O2 debacle is the accidental inclusion of an outdated virus in a small run of advertising media, followed by immediate notification of at-risk people and clear instructions on what to do next.
3. Sony distributed 22 million infected CDs.
Now, go and find a nurse, and tell them you've forgotten to take your medication again.
-
Monday 8th August 2016 14:14 GMT Anonymous Coward
Was this really a mistake?
... or a deliberate scheme by both O2 and Microsoft to somehow force a lot of people to upgrade their operating systems? To the latest and greatest Windows 10 of course.
Sure: this is a (somewhat silly) conspiracy theory. But how on earth did they manage to obtain such a virus which also only targets older Windows versions?
-
Monday 8th August 2016 17:31 GMT David Roberts
Some sympathy
If you ordered 10,000 USB sticks with a custom tacky logo from a supposedly reputable supplier, would you then employ someone to virus test every single one?
How many people routinely test every new pen drive for viruses? O.K. perhaps you should have scanning for all removable media configured, but still......
The real culprit is somewhere further up the supply chain, who has also managed to piss off a major customer. That is unlikely to end well.
-
Monday 8th August 2016 19:09 GMT David Haworth 1
Re: Some sympathy
Quoth David Roberts: If you ordered 10,000 USB sticks with a custom tacky logo from a supposedly reputable supplier, would you then employ someone to virus test every single one?
No. I'd probably create and test a single image then write the whole lot over the USB stick. Saves an awful lot of trouble, and may even be faster.
-
Monday 8th August 2016 18:37 GMT Richard 12
Re: Would this count as a "malicious communication" for the purposes of UK legislation
Incompetence rather than malice.
Buying a few million USB sticks with pre-installed marketing tat always results in something going titsup.
Usually the marketing guff is never pre-installed, but sometimes you get a little extra...
-
Monday 8th August 2016 19:48 GMT Anonymous Coward
Re: Would this count as a "malicious communication" for the purposes of UK legislation
Yup, had that happen.
I went to an industry event once, got a copy of the relevant literature on a free 2Gig pen drive.
Drive was clean of viruses, but later when I copied some of my own files onto it, it broke when the data passed 512M. Got a hardware type to cut it open, sure enough it was a 512M drive hacked to report 2G and the show organisers had been ripped off.
-
Monday 8th August 2016 22:26 GMT Richard 12
Re: Would this count as a "malicious communication" for the purposes of UK legislation
Hacked USB flash firmware is a very common trick.
It's only discoverable by trying to write and read back the full reported size.
Perhaps my favourite marketing USB stick muppetry was the metal half-shelled USB memory stick handed out by several companies a few years back.
Those would quite easily go in upside-down, so you can guess what happened...
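The write-then-read-back check described in the comment above, as an added example that is not part of the original thread: every block gets content derived from its own index, and nothing is read until the whole reported size has been written. `FakeDrive`, the nonce and the sizes are constructed stand-ins for a stick whose firmware overstates its capacity.

```python
import hashlib
import io

BLOCK = 4096  # test granularity in bytes

def pattern(index, nonce):
    """Block content derived from its own index, so a wrapped or dropped write cannot match."""
    return hashlib.shake_128(nonce + index.to_bytes(8, "big")).digest(BLOCK)

def verify_capacity(dev, reported_size, nonce=b"constructed-nonce"):
    """Fill the whole reported size, then read it all back.
    Returns (bytes_verified, offset_of_first_bad_block_or_None)."""
    blocks = reported_size // BLOCK
    for i in range(blocks):              # pass 1: write everything first
        dev.seek(i * BLOCK)
        dev.write(pattern(i, nonce))
    good, first_bad = 0, None
    for i in range(blocks):              # pass 2: only now read back
        dev.seek(i * BLOCK)
        if dev.read(BLOCK) == pattern(i, nonce):
            good += BLOCK
        elif first_bad is None:
            first_bad = i * BLOCK
    return good, first_bad

class FakeDrive:
    """Constructed stand-in for firmware that reports more flash than exists.
    wrap=True: addresses wrap around; wrap=False: writes past the end are dropped."""
    def __init__(self, real_size, wrap):
        self.mem, self.wrap, self.pos = bytearray(real_size), wrap, 0
    def seek(self, pos):
        self.pos = pos
    def _offset(self):
        if self.wrap:
            return self.pos % len(self.mem)
        return self.pos if self.pos < len(self.mem) else None
    def write(self, data):
        off = self._offset()
        if off is not None:
            self.mem[off:off + len(data)] = data
    def read(self, n):
        off = self._offset()
        return bytes(n) if off is None else bytes(self.mem[off:off + n])

if __name__ == "__main__":
    real, reported = 8 * BLOCK, 32 * BLOCK   # constructed sizes: a 4x overstatement
    print(verify_capacity(io.BytesIO(), reported))           # honest device
    print(verify_capacity(FakeDrive(real, False), reported))  # drops excess writes
    print(verify_capacity(FakeDrive(real, True), reported))   # wraps addresses
```

On real media the test overwrites everything on the stick, and the read pass has to bypass the OS page cache (for example by re-plugging the device between passes), otherwise the cached writes are read back instead of the flash.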
-
Monday 8th August 2016 23:59 GMT John Brown (no body)
"We apologise for any inconvenience"
No, Mr/Mrs O2 PR flack. You should be apologising for the inconvenience caused. "We apologise for any inconvenience" sounds like you hope there wasn't any. You have actually inconvenienced everyone who received one of these USB sticks, not just those who got infected ones. You've also inconvenienced every company or organisation who think they may have received one.
I wonder how many work hours and at what pay rates this has generated, and therefore tangible losses to those concerned?
-
Tuesday 9th August 2016 17:17 GMT UncleZoot
And the numpties at Brit O2 would be sending their tech support people out for a cleaning of the system before I found another supplier.
Where I worked before, the USB bus was disabled other than for the keyboard and hard wired mouse.
After it became impossible to purchase keyboards with wired mouse, we modified the OS to only recognize specific devices.