Having a Malware Christmas

Apparently some Amazon customer got a little extra something under the tree this year:

Amazon.com Inc. last week warned customers running Windows XP that a Samsung digital photo frame it sold through earlier this month might have come with malware on the driver installation CD.

It’s interesting the Samsung isn’t saying how the malware got onto to the CD. They may have no idea.

This highlights one of the least appreciated dangers today, malware in the supply chain. From infected CDs to credit card readers with a built-in back door, 2008 saw a spate of incidents with malware being injected in the manufacturing process. It’s hard to imagine how this isn’t going to get a lot worse unless manufacturers overhaul their processes.

This also relates to a point I made previously about how a company treats its employees will affect its overall security. Low paid or ill treated workers will be much more easily tempted by bribes to slip some malware into system. The problem is made worse by outsourcing components. A security breach in a tiny sub-contractor can cause a black-eye on a major multi-national corporation.

Expect a lot more of this in 2009.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s