Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

TomTom 910 – bundled software infected with malware

January 30th 2007 in Uncategorized

More specifically, the TomTom software being distributed with the 910 was infected with the win32.Perlovga.A Trojan and TR/Drop.Small.qp. An excellent write-up (and, I think, the article that originally broke the news) is available here:
http://www.daniweb.com/blogs/entry1276.html


TomTom’s statement about the situation is here; it notes that the satnavs were produced between September and November last year:
http://www.tomtom.com/news/category.php?ID=2&NID=349&Language=1


Regarding TomTom’s statement that the viruses are “low risk”, I say B*LLS*T. There is no such thing as a trojan that is not dangerous. If that trojan is used to morph your system into a spambot, that is dangerous – if it is used to host somebody’s p0rn or warez collection, that is dangerous. If your infected system is added to a botnet for DDoS attacks, that is dangerous.


Nobody has any way of knowing what the end result of infection by that trojan is going to be, or how the bad guys are going to use the access granted by said trojan, and therein lies the real danger. It is all well and good to tell victims to delete the two affected files that TomTom installed (copy.exe and host.exe), but what about the crud that is installed on a system *by* that trojan? Hands-on experience has shown me that the crud that is downloaded and installed by such trojans after infection can be extremely difficult to detect and remove.


Detection of Perlovga has been available since July 2006 – two months before TomTom started distributing the trojan, so where was their antivirus protection? How did this trojan get into their production environment? Just as happened with Apple, who distributed a mystery number of iPods infected with the RavMonE virus, we are seeing the end result of a basic breakdown in quality control and antivirus protection. It simply isn’t good enough to distribute between September and November malware that has been detectable since July.


Well, at least they didn’t try to blame Windows, unlike Apple:
http://msmvps.com/blogs/spywaresucks/archive/2006/10/18/184326.aspx


One comment to...
“TomTom 910 – bundled software infected with malware”

Brian

I purchased the TomTom 910 and the Trojan was recognized. Has there been a new update and release that will kill the trojan?

