Asus Ships Eee PCs With Malware

An anonymous reader writes "'According to an email sent out by Asus, PC Advisor reports, the Eee Box's 80GB hard drive has the recycled.exe virus files hidden in the drive's D: partition. When the drive is opened, the virus activates and attempts to infect the C: drive and any removable drives connected to the system.'"

How did they...

[SupremoMan (912191)]

get Vista to run on that thing?

Close, but no cigar

[SL Baur (19540)]

Quoting TFA:

According to Symantec, the malware is likely to be the W32/Usbalex worm, which creates an autorun.inf file to trigger recycled.exe from D:

The real bug is any O/S stupid enough to be designed to automatically execute things on media when loaded. That's a remarkably stupid design.

Re:

[smash (1351)]

Vista doesn't do that, it prompts when media is inserted.

Re:

[SL Baur (19540)]

Prompt or no, it's still a stupid thing to do. You do not want to run anything new landing on a system by default or even prompt to have it run.

It's a remarkably stupid design.

Please clarify how it is remarkably stupid

[tepples (727027)]

You do not want to run anything new landing on a system by default or even prompt to have it run.

It's a remarkably stupid design.

So should a DVD player or home theater PC not start the DVD or prompt the user to start the DVD? Should a video game console or gaming PC not start the game or prompt the user to start the game? Please clarify.

Re:Please clarify how it is remarkably stupid

[Bert64 (520050)]

A DVD player is a single purpose device, it reads data from the drive and may execute some sandboxed scripting, unless there are security holes in the player program it's unlikely to be an issue, and since dvd players are typically standalone its unlikely to be a problem.

A games console is also a single purpose device, it's purpose is for providing entertainment...

A fully fledged computer is not a single purpose device, whereas some are used like games consoles solely for entertainment, some people actually try to get important work done on them and deal with confidential data using them. If something is a toy then fair enough, but for a critical tool that could hold the keys to your business and finances there is no way it should do something so stupid as to execute unknown binaries as soon as media is inserted.

The sooner people separate their devices, and stop trying to conduct business or deal with their finances on the same machine they use as a general toy the better.

Re:Please clarify how it is remarkably stupid

[Darkness404 (1287218)]

The sooner people separate their devices, and stop trying to conduct business or deal with their finances on the same machine they use as a general toy the better.

No. No. No. Thats exactly what the software/hardware companies want us to do. For example, the TiVo is basically a computer, however, it cannot be modified to run whatever we want it to run unlike a computer. The hardware companies and software companies want us to have one device per purpous, that rather than just having 2 desktops and a laptop they want us to have an iPod for playing music, a TiVo to only record shows, a gaming PC only for playing games, a work PC only to work on, a cell phone only to make calls, a camera only to take pictures, etc.

Re:

[Jaktar (975138)]

My GRUB prompts me what I'd like to run, is that stupid?

Re:

[SL Baur (19540)]

A prompt will only decrease the percent of people that fall victim.

Exactly, hence my comment "it's a remarkably stupid design."

Re:Close, but no cigar

[Alex Belits (437)]

A prompt will only decrease the percent of people that fall victim. IMO, if an inserted media has files flagged to autorun, a prompt should only appear if a user has already installed a program to handle that format. In this sense, a DVD can have a 'play DVD' prompt *IF* the user has approved that behavior and *IF* the program executed is already installed.

DVD (or anything that "has already installed a program") does not "run", it contains no executable code, only data and minimal scripts that are interpreted (or ignored) by the player.

The idea to ACTUALLY RUN EXECUTABLE CODE JUST BECAUSE IT APPEARED ON SOME MEDIA is far, far more stupid than any automated playback. When player is automatically started, it might create a security hole because player may be buggy. Running executables is a security hole all in itself. There should be no questions, no dialog boxes, no anything that will even suggest that the user might want to run those things until the user runs the executable or installs it as a handler for something.

Re:

[1u3hr (530656)]

The real bug is any O/S stupid enough to be designed to automatically execute things on media when loaded. That's a remarkably stupid design.

In general, yes. But normally one would trust files on your own hard disk.

Re:

[SL Baur (19540)]

In general, yes. But normally one would trust files on your own hard disk.

Sigh. You're new here, let me try a car analogy.

This is like driving a car in the US with a large sign on top that lights up "I WANT TO BUY SEX FROM YOU, open the passenger side door and give it to me baby!" every time you drive by a person of your preferred gender on the sidewalk.

Clear now?

Re:

[tsa (15680)]

Hey, there's an idea!
 
/runs off to the shop to buy a spray can of paint.

Re:

[Spy der Mann (805235)]

I believe autorun.inf files should be used only for convenience when installing software from CD's. That's what they were made for.

But an autorun.inf from a read-write medium!? You're 100% right - it's an extremely stupid idea. And it's annoying since my own USB files get infected once in a while. I have to delete the autorun.inf and whatever .exe sneaked in whenever I open it in my Linux box.

Re:

[SL Baur (19540)]

Microsoft should be shot for leaving this feature on by default.

? They are the idiots who incorporated the misfeature ignoring decades of prior experience in the field.

Re:That's why you shut off auto-pwn

[RiotingPacifist (1228016)]

hack the registry? that sounds hard i think im just going to install gentoo instead.

Quite an accomplishment ...

[tomhudson (43916)]

I guess it means they found a way to cram Vista onto it ...

Appropriate for the D drive

[by Anonymous Coward]

D:

Windows is NOT a virus

[by Anonymous Coward]

No, Windows is not a virus. Here's what viruses do:

        * They replicate quickly - okay, Windows does that.

        * Viruses use up valuable system resources, slowing down the system as they do so - okay, Windows does that.

        * Viruses will, from time to time, trash your hard disk - okay, Windows does that too.

        * Viruses are usually carried, unknown to the user, along with valuable programs and systems. Sigh... Windows does that, too.

        * Viruses will occasionally make the user suspect their system is too slow (see 2) and the user will buy new hardware. Yup, that's with Windows, too.

Until now it seems Windows is a virus but there are fundamental differences:Viruses are well supported by their authors, are running on most systems, their program code is fast, compact and efficient and they tend to become more sophisticated as they mature.

So Windows is not a virus.

It's a bug.

Re:

[Sta7ic (819090)]

Windows replicates quickly? You must never have had to nuke'n'pave a laptop...

Re:Windows is NOT a virus

[Antique Geekmeister (740220)]

You've obviously not looked at much virus, worm, or malware software. It's mostly crap, assembled by people who think that inventing their own version of a sorting function or a password checker makes them 3l33t. Some of it is insightful, but mostly it's assembled like kids building go-carts from a junkyard of parts.

Too bad they didn't stick with only Linux

[markdavis (642305)]

...then maybe this wouldn't have happened?

Take a great concept- the netbook... a small, light, inexpensive, flash-based, long-battery life, Linux based system. Then ruin it by making it a large, heavier, expensive, hard-drive based, medium battery life, MS-Windows based system.

Oh well. I guess some people didn't "get it".

Re:Too bad they didn't stick with only Linux

[cbreaker (561297)]

Strange. I am using Ubuntu right now using WPA2 and it seems to be working. Or, I could just be imagining this.

Which is entirely possible, because I can't understand why someone would be afraid to post a slashdot post without clicking the Anonymous button.

Re:

[ryanov (193048)]

The Eee ships without a wireless stack that can do WPA, or at least did. I worked on one for someone, and that was their issue. This may have changed by now, but it sure was a stupid move at the time.

Re:Too bad they didn't stick with only Linux

[JesseMcDonald (536341)]

That may have been true of the Eee 700 series, but I have an Eee 900 and it had no trouble connecting to my WPA-PSK access point with the default software. It would've been easier with NetworkManager [gnome.org] instead of their custom configuration interface, but it worked nonetheless.

What I really don't understand is why, for a project which started out Linux-only, it contains so much hardware with mediocre-to-poor Linux support: the wireless card and the Ethernet adapter both require out-of-kernel drivers; the ACPI interface can't seem to get the battery capacity right; the sound support is flaky at best due to incomplete specs; and yet another driver was required for basic ACPI support (now part of the kernel). I managed to get it all working under a stock distro (Debian) eventually, and I'm quite happy with it -- I like a challenge now and then -- but if you're going to build a Linux laptop, why not pick hardware known to be compatible?

Re:Too bad they didn't stick with only Linux

[by Anonymous Coward]

What I really don't understand is why, for a project which started out Linux-only, it contains so much hardware with mediocre-to-poor Linux support

Because the use of Linux was accidental, not the objective. The target was to make it inexpensive.

No WPA has ALWAYS worked on the eee

[baileydau (1037622)]

The Eee ships without a wireless stack that can do WPA, or at least did. I worked on one for someone, and that was their issue. This may have changed by now, but it sure was a stupid move at the time.

I have a 701 and it connects to my WPA secured access point just fine, and always has (using the default Xandros installation). The setup was an extremely trivial point and click exercise. The hardest bit was correctly entering the passphrase, as it puts it into a password type field (hashed out as you type). That's not a bad security feature, but it doesn't help usability. I ended up copying and pasting it.

If it ever couldn't do that it was *very* early in the piece. I bought one of the first ones in

Re:

[quantumphaze (1245466)]

The 701 EEE could use WPA-PSK, the wireless encryption common to most consumer grade routers.

What it can't do is WPA-EAP that is commonly found in corporate environments and universities. This is probably what the parent was trying to say. You can see it's SSID, but when trying to connect it only gives a box for you to type the password but nowhere for the username.

The workaround for it was to install the wpa_supplicant package from Debian and hope that it worked.

Re:

[markdavis (642305)]

I agree with ryanov, the poster might have been commenting about problems with WPA2 on the EEE pre-installed version of Linux, rather than Linux, in general. Or, he might just be a troll.

But cbreaker is also right- loading Mandriva (or certain other distros) on the EEE will certainly solve the WPA2 problem with the stock, limited Linux.

Re:

[bhtooefr (649901)]

Every time I've tried Ubuntu, it couldn't speak WPA1 (but WPA2 was fine) without shitting all over itself, nor could it work with APs that weren't broadcasting their SSID...

Re:

[EvilIdler (21087)]

I tried out the latest Ubuntu beta as recently as today with WPA2 and a hidden SSID. Worked with an Intel 3945abg in a laptop. My problem with random hardware is always sound in Linux, not networking :/

Re:

[Alex Belits (437)]

Confirmed orders for the Linux only XO laptop stalled at around 700,000 units.

XO is neither designed as a consumer laptop, nor is available for purchase by individual users.

Re:

[Nutria (679911)]

When MSI ran into serious trouble with Linux returns,

The problem is, MSI doesn't say 4x what.

Thus, it's a meaningless statistic, and every time you read an article that mentions "Linux returns 4x greater than Windows" you wasted time learning nothing.

Just sloppy.

[fuzzyfuzzyfungus (1223518)]

This particular viral infestation doesn't look all that harmful; but it is really, really hard to feel good about the overall integrity of the system when things like this are happening. In fact, the fact that the virus is so pitiful makes it even worse; because it suggests that high-density fuckupitude, rather than sophisticated malice, is all it takes to get a serious defect onto loads of production systems.

Just another reason to always build and verify your own system images, I guess.

Re:

[cbreaker (561297)]

I guess so. But out of the millions and millions of PC's that have shipped with Windows, only a very, very small few (thousands) have shipped with something like this. And of those, only a few hundred of these went out, and it's not like the virus was running - it was in the deleted items area.

Sloppy, yea, and a big oops. But really, I don't think it's that big a deal.

Re:

[Sabriel (134364)]

But this isn't the first or even the second time Asus has slipped up recently. I've personally encountered their recovery dvds (on recent F8 models); add this and their preinstall/recovery people really need the cluestick applied.

What's the problem again?

[Chordonblue (585047)]

I was only interested in a couple things with the eee:

- It runs Linux well.
- It's really small.
- It's pretty cheap.

That's about it. Any business of this thing running Windows in the first place is a mystery to me. We bought a number of these for students here and they love them to death (yes, even with Linux).

Re:

[cbreaker (561297)]

A lot of folks love running Linux on these small devices. It's small, boots fast, does what you want it to do. I know I like Linux on these kinds of toys.

But, this one is billed out to be a mini-PC, and a lot of people wanted Windows on it, so Asus made a model that is big enough to run Windows.

Ho hum.

Re:

[pembo13 (770295)]

Which is suprising seeing as these netbook manufactures seem to be putting little to no effort into it. Wifi cards driven by Ndiswrapper? I would have expected a "5s" boot from a netbook manufacture before some hackers.

Thank FSM

[MadUndergrad (950779)]

Oh thank god I have the 20GB version. Also Linux.

Inaccurate Title

[TrekkieTechie (1265532)]

"Eee PC" =/= "Eee Box"

The Eee PC is Asus' line of netbooks. The Eee Box is Asus' line of nettops. While in some ways they are similar, in other important ways they are very different products.

Linux Version

[_Sprocket_ (42527)]

I bet it doesn't come on the Linux version.

When will we get equal treatment from hardware vendors?

Re:

[tragedy in chaos (1382095)]

They probably over looked it figuring, what with it being Windows and all, that it wasn't going to work properly anyways.

Re:

[Max Romantschuk (132276)]

Windows on netbooks/nettops really makes no sense. I bought my wife an EEE PC a while back. She doesn't like computers in general, and I can't say that she's seen the difference really. She cares about browsing the net and reading her email. That works like a charm with the included Xandros Linux.

When I get mine (they are soo cute, gotta have one ;) it's going to be sporting Ubuntu EEE which seems to be maturing nicely.

Re:

[_Sprocket_ (42527)]

Simply because it wouldn't be so hard to just load a virus, written specifically to the Linux version that EEE is using. Shouldn't be hard and will achieve the same thing.

Isn't that always the way, though? Here the community has provided perfectly functional [wikipedia.org] Linux malware and the manufacturer has ignored all that work. Talk about a missed opportunity.

Re:Linux Version

[fractoid (1076465)]

Shouldn't be hard and will achieve the same thing.

What's that, watching people download porn or blag stuff to Facebook?

You should never use one of these for anything serious anyway, you can get root on one of them by scratching its belly and rubbing its ears.

Asus 3e. Now with Windows!

[smchris (464899)]

And a bright, shiny prize in every box.
Good to the last byte!

But mind the spoilage date.

Re:

[tsa (15680)]

Why is it that many people suddenly don't seem to learn punctuation and capitalization in school anymore? Your post might be very interesting or insightful but sorry, my eyes hurt just looking at it.

Re:

[robo_mojo (997193)]

You have eleven open-parens but only ten close-parens! Arrrrrrrrg!

Wow. Just... wow.

[hackshack (218460)]

I don't know if it's because I'm running on no sleep, or that images of patch panels are swimming in front of my eyes due to a late-night rack-a-thon, but that was one fine rant.