Tired of surfing the Web looking for malicious code? Weary of waiting for that e-mail with the infected attachment? Well, your wait is over. From the same folks who brought you lead-painted toys and antifreeze-laced pet food come hardware devices with malware conveniently preloaded.
There have been a growing number of reports of devices such as digital picture frames and navigation devices that come from the store already infected with viruses. The one thing they seem to have in common is that they are manufactured in China.
Zulfikar Ramzan, senior principal researcher at Symantec Security Response, said he doubts that the infections are part of a vast Chinese conspiracy.
'It might just be that a lot of manufacturing is being done there,' he said.
Although the incidents have begun to appear on the radar ' most notably with the infected Apple iPods discovered last year ' 'it's not really a trend yet,' Ramzan said. 'I wouldn't call it serious, but I would call it worrisome.'
Just how worrisome remains to be seen, but the potential of this new vector for infection is great considering the number of programmable devices with memory that can interface with computers today. And that number is only going to grow. One of the promises of IPv6 is that with the expanded address space, everything from your refrigerator to your toothbrush can be IP-addressable.
There is speculation that the infections found so far could be accidental, coming from compromised computers used to test the finished products, but it is by no means certain that it is not malicious. The good news is that upto- date antivirus software can catch this malicious code, regardless of its source. The code found on hardware devices so far has been old and easily recognized, Ramzan said. But the code could become more sophisticated. Preloaded hardware for malware delivery could just be in the testing stages. 'As soon as it becomes profitable, you'll start seeing more of it,' Ramzan said. ' William Jackson
William Jackson is a senior writer of GCN and the author of the CyberEye blog.