A maker of portable GPS devices admitted this week that an
"isolated number" of its products may contain malware that could
infect the corporate network with a virus.
On Tuesday, the maker of TomTom GO 910s said that a small number
of the devices produced in the fourth quarter of 2006 may have been
infected with a "low risk" virus. The company said the virus does
not affect performance of the GPS device, but when linked to a PC
or laptop, the devices could spread the virus onto a corporate
network.
According to an announcement on the TomTom Web site, the
infected devices were produced between September and November 2006
and were shipped with software version 6.51.
"In the isolated cases that a virus was detected, it was found
when the TomTom GO 910 was connected to the computer and, for
example, a back-up of the content on the device was being made,"
the announcement said.
The device maker recommends that TomTom users update their virus
scanning software and, if a virus is detected, allow the virus
scanning software to remove the 'host.exe' file, 'copy.exe' file or
any other variants. The company cautions users not to try to
remove the malware manually.
But it may not be that simple, according to Dennis Szerszen,
vice president of corporate strategy for SecureWave, an endpoint
security vendor.
Szerszen said that in this instance, if the GPS device were
linked to a corporate PC via a USB plug, the malware on the device
could have propagated and spread onto the corporate network.
"Bottom line, plug and play has become just another threat
vector -- another way for malware to introduce itself into the
network," he said.
According to the Daniweb.com Web site, the TomTom device was
found to contain the win32.Perlovga.A Trojan and TR/Drop.Small.qp
on the satnav hard drive within the copy.exe and host.exe files.
The files could prompt Windows to use the AutoRun feature to run
malicious software.
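
A read-only check of a device's root folder for the two reported file
names and for AutoRun launch entries, as an added example that is not
from TomTom or the original article. It assumes the standard Windows
autorun.inf format, which the article does not name; the function
names and the sample volume are constructed.

```python
import configparser
import tempfile
from pathlib import Path

# File names the article reports on infected units (compared case-insensitively).
REPORTED_NAMES = {"host.exe", "copy.exe"}
# Assumption: standard autorun.inf keys that start a program from the volume.
LAUNCH_KEYS = ("open", "shellexecute")

def _audit_autorun(path):
    """Return launch directives found in an autorun.inf file."""
    parser = configparser.RawConfigParser(strict=False, allow_no_value=True)
    try:
        parser.read_string(path.read_text(encoding="latin-1"))
    except configparser.Error:
        return ["autorun-unparseable"]  # malformed file still deserves a look
    out = []
    for section in parser.sections():
        if section.strip().lower() != "autorun":
            continue
        for key, value in parser.items(section):
            verb = key.startswith("shell\\") and key.endswith("\\command")
            if (key in LAUNCH_KEYS or verb) and value:
                out.append(f"autorun-launch:{key}={value.strip().lower()}")
    return out

def audit_volume(root):
    """Read-only check of a mounted volume's root directory; returns sorted findings."""
    findings = []
    for entry in Path(root).iterdir():
        if not entry.is_file():
            continue
        name = entry.name.lower()
        if name in REPORTED_NAMES:
            findings.append(f"reported-file:{name}")
        if name == "autorun.inf":
            findings.extend(_audit_autorun(entry))
    return sorted(findings)

def demo():
    """Audit a constructed volume layout (placeholder files, no real malware)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "HOST.EXE").write_bytes(b"constructed placeholder")
        (root / "autorun.inf").write_text("[AutoRun]\nopen=copy.exe\nicon=device.ico\n")
        return audit_volume(root)

if __name__ == "__main__":
    print("\n".join(demo()))
```

The check only reports what it finds and deletes nothing, which
matches the company's advice to leave removal to the virus scanning
software.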
William Bell, director of security for CWIE Holding Co., a
Tempe, Ariz.-based e-commerce solutions provider, said the TomTom
bug is "part of the whole evolution of viruses." He said viruses
now are sliding in by the backdoor somewhere, even in places that
typically seem innocuous.
"The major concern is somebody brings [a TomTom] in thinking, 'Oh,
I'm going to update my TomTom with the new software,'" Bell said,
adding that the user, even if the intent wasn't malicious, could
introduce the viruses to the networks. "Even if it was something
that destroyed just the computer it was connected to, that would be
bad enough."
Bell said companies need to be protected against unknown
viruses, worms and Trojans that may enter through endpoints like
the TomTom or other vectors.
"It used to be, 'Oh my God, this is going to crash my
computer,'" he said. "That's not what scares me most these days.
It's data leakage that really scares me. You have to take every
safety precaution to protect valuable assets."
While neither he nor TomTom could say what would happen if this
particular virus got onto a corporate network, Szerszen said there
are three things that malware tries to do when plugged into the
network: breach confidentiality, damage the integrity of data, and
make resources unavailable. All three possibilities are likely when
malware is introduced via a mobile device or an endpoint.
TomTom said there has been no reported case of the virus
spreading, but Szerszen noted that an incident such as this should
act as a wake-up call for enterprises and prompt them to reevaluate
what types of devices they let link to the network.
"A lot of companies don't pay attention," he said, adding that
many organizations allow iPods, USB sticks, cameras and
unauthorized cell phones and smartphones to get onto the network
without knowing the risks they present.
"Companies have to educate themselves and learn what their
exposures are," he said.
From there, companies need to review their policies regarding
what kind of devices can access network resources and what they can
do while they're attached.
"There has to be a company policy on what devices can be plugged
in and how they're used," Szerszen said.
In many instances, antivirus and other protective software may
stop malware from entering the network, but according to recent
statistics from Yankee Group, of the 99% of corporations with
antivirus or some other protection, 52% still had some sort of
viral infection.
"If malware wants to find a way in, it's going to find a path,"
Szerszen said. "I can't imagine this is going to be the last we'll
see of this."