Anything your network can see can be infected, warns McAfee
1 min read
Hard drives, MP3 players, USB drives and GPS devices can and are being infected by malware – and can threaten your IT networks.
That’s the warning from McAfee which points out that anything a PC will recognise as a hard drive – such as SD cards for digital cameras if plugged into a multi-card-reader, some cell phones, toys, CDs and DVDs – can be infected by a variety of worms, some explicitly designed to infect removable media.
Ironically, says McAfee , the most likely culprit is a manufacturer’s QC process. “As devices like this come off of the assembly line, and before they get packaged and shipped to the distributor or retailer, someone has to check some or all of those devices to make sure they work correctly,” says a company blogger.
That probably means plugging them into a PC to make sure that the operating system sees the memory correctly and can copy files. But if QC can copy files to the device, so can a worm if one is installed on the test PC.
McAfee offers the following advice. Ask for your supplier’s process for ensuring that media are malware-free. They should be able to provide the scanner(s) used, update frequencies, scan settings and audit procedures. What is their process if an infection IS discovered during the check? Verify that their process does not include any connections to other devices after their scanning procedure.
Ask whether all devices are checked, or only a portion. If a portion, what percent? Do they all go through the same computer, or multiple ones, and how many? This will help you decide how many you may want to spot-check.
If the supplier/manufacturer checks one in 10 devices and does so using 10 different computers, any particular CD has a 1 in 100 chance of being infected if one has been compromised.
Request scan logs or audit logs for the specific batch you purchased to be delivered with the devices.
If you buy a device and want to make sure you don’t end up infecting your computer with it, the following tips may help: First, disable the Windows AutoPlay feature. Second, use up-to-date anti-malware software and make sure it is turned on and set to scan removable drives. Third, manually scan the entire drive after first connecting it and with AutoPlay disabled.
