Tag Archives: Malware

Having a Malware Christmas

Apparently some Amazon customer got a little extra something under the tree this year:

Amazon.com Inc. last week warned customers running Windows XP that a Samsung digital photo frame it sold through earlier this month might have come with malware on the driver installation CD.

It’s interesting the Samsung isn’t saying how the malware got onto to the CD. They may have no idea.

This highlights one of the least appreciated dangers today, malware in the supply chain. From infected CDs to credit card readers with a built-in back door, 2008 saw a spate of incidents with malware being injected in the manufacturing process. It’s hard to imagine how this isn’t going to get a lot worse unless manufacturers overhaul their processes.

This also relates to a point I made previously about how a company treats its employees will affect its overall security. Low paid or ill treated workers will be much more easily tempted by bribes to slip some malware into system. The problem is made worse by outsourcing components. A security breach in a tiny sub-contractor can cause a black-eye on a major multi-national corporation.

Expect a lot more of this in 2009.


Is Plaxo Malware?

The IT Skeptic thinks so:

Who else thinks Plaxo is an unethically intrusive piece of malware?

Recently I started using this thing again after ripping it out years ago as a dangerously intrusive invasion of my privacy. Plaxo apologised back then for being worms.

It is no better now. As far as I am aware I gave no permission to Plaxo to upload my email contacts, nor to email them all inviting them to Plaxo. But it did. Including my dead father.

I don’t doubt that Plaxo has successfully socially engineered me into doing this and that they would be able to point to something I clicked to make it happen.

But guess how easy it is to unravel this stuff. not. Every single one of my Outlook contacts needs to be manually deleted, one by one.

I haven’t ever used Plaxo, so it could be that these complaints are unjustified. I did find it interesting that the one time I tried to look at the service it was forbidden by the BMC firewall.

I would be curious to hear from people that have had a positive experience using this service.