Mystery political gifts could be true Trojan horses
West Virginia’s governor is hoping a generous supporter is responsible for five laptops that arrived at his offices without warning. But it’s looking suspiciously like a truly old-school Trojan tactic that may be in use nationwide.
The computers arrived, addressed to Governor Joe Manchin, over the course of a week earlier this month. However, staff realized they had not been ordered and contacted authorities rather than even go as far as switching them on. The machines are now being held as evidence by state police.
The state’s chief technology officer told ComputerWorld, in a wonderful piece of understatement, that “Our expectation is that this is not a gesture of good will.”
If this was the work of a scammer, they did their homework: the machines were all either Compaq brand or from its parent company Hewlett Packard; HP has the contract to supply government computers across the state.
It’s reported that similar mystery orders to government offices have been made for HP computers in ten states nationwide; four were delivered, while six were intercepted by authorities. There’s no evidence yet of any of the delivered computers being infected with viruses, spyware or other malicious software.
The most curious aspect is that it appears all the computers were ordered online (by a person or persons who don’t work for the government offices concerned) but were shipped direct from HP. If there is a security scam going on, that would presumably have to involve a source inside the company. HP has not commented on any virus issues, but says it is working with the authorities to investigate “fraudulent” orders.
ComputerWorld reports that there are several similar security scams known to be in operation. The simplest, and cheapest, is to leave an infected USB stick in the vicinity of an organization’s office in the hope that a curious employee will find it and stick it in their work computer to try to track down the owner. A flaw in the way Windows handles auto-run settings makes it much easier to trick users into then installing rogue software, thinking they are actually opening a folder to examine files.

August 28th, 2009
You would have to be pretty stupid to fall for that USB stick scam LOL.
September 5th, 2009
Perhaps you’d like to rephrase that, ncaissie.
If you are a computer-savvy person, who is also security conscious, and is technically knowledgeable, then you may be considered stupid to fall for this.
The problem is that the overwhelming majority of users are not very computer literate, have limited or rudimentary technical knowledge, and are not schooled-up on what constitutes a threat.
For example, I work in a medical environment with some extremely astute colleagues who have forgotten more about emergency medicine than I have ever learnt. None of these people is stupid – in fact, I couldn’t think of anyone else I would want looking after me if I was at death’s door.
But the reverse is true when it comes to IT – they know only what they need to know to access common internet and computer functions.
So less about the stupid comments, eh?