maybe
maybe they should listen to their own advice and run anti-virus in their office so that workers can't infect machines by accident.
An adware package has turned up on the latest e-book devices from iRex, and will install itself automatically onto a connected PC if it gets the chance. The infection appears to be the imgInSOY worm, which copies itself between removable media and uses autorun.inf to infect any Windows system it comes across. In addition to …
Why USB devices such as keys, Ipods etc shouldnt be allowed anywhere near the corporate network.
This kind of thing could well be more of a problem than data theft that these devices are advertised as being capable of by the sofftware vendors.
Disable USB in bios (password Protected) PS2 keyboards and Mice only
The device is Linux powered, BUT it is detected as a mass storage device by Windows. It's not Linux itself that is infected by the trojan(chances are if someone hacked about with the device and installed Wine there is the possibility that it would at least attempt to run the trojan, but that wouldn't happen automatically, and there's no guarantee that Wine would run it anyway!).
It's just the same as if someone had a trojan on USB pen drive, CD/DVD, iPod, the device themselves don't run the trojan (I haven't yet heard of an iPod running Windows), it's the Windows device with it's Autorun enabled that is running trojan.
I find it shocking that it made it through quality control to be honest.
Rob
http://www.microsoft.com/whdc/device/storage/usbfaq.mspx
Q: What must I do to trigger Autorun on my USB storage device?
The Autorun capabilities are restricted to CD-ROM drives and fixed disk drives. If you need to make a USB storage device perform Autorun, the device must not be marked as a removable media device and the device must contain an Autorun.inf file and a startup application.
But it's not hard to make it autorun:
"The removable media device setting is a flag contained within the SCSI Inquiry Data response to the SCSI Inquiry command. Bit 7 of byte 1 (indexed from 0) is the Removable Media Bit (RMB). A RMB set to zero indicates that the device is not a removable media device. A RMB of one indicates that the device is a removable media device. Drivers obtain this information by using the StorageDeviceProperty request." (same link)
I wouldn't be surprised if hardware manufacturers like to "help" people by enabling autorun in this way.
Didn't El Reg run a story a couple of months back about Adobe and Yahoo!(?) entering into a deal to _deliberately_ infect .pdf documents with adware?
I know, these types will always _claim_ it's "accidental", but somehow it sounds like a proof-of-concept of some sort, to me.
More likely that factory worker was slipped a few dollars by a VX gang: "Hey matey, if you just pop this file into the master disc for us we'll see your family gets fed for another week". Given the two cents an hour those workers probably earn, and the violence with which they are all too familiar, it would have been an "offer too good to refuse"...
Paris because she knows the effectiveness of slipping third-world workers a few dollars...