Scammers Take to eBay to Distribute Malware
A frequent eBay user was infected with malware after purchasing an iPod from the site.
An article over on [H]ardOCP brings an interesting twist to identity theft, especially for consumers who purchase gadgets from eBay such as iPods and MP3 players. A forum member contacted the site and reported that hackers may be loading up devices with malware and then throwing them up for bid on the auction site. Once consumers receive the purchased device and connects it to the PC, the malware snakes into the system and steals information.
The forum member provides an example, saying that after connecting an iPod to the PC, one "lady" lost $12,000 USD in cash along with three credit cards being maxed out in just a matter of days. "As we asked more questions, she said her computer had been running very slow since she purchased an iPod off eBay last week," the forum member said. "I looked on the iPod drive and there are numerous dll's, exe, and tons of malware."
It should come as no surprise that used gadgets up for sale anywhere could possibly contain some type of malicious code-- even trusted devices are no longer safe. Recently Vodafone discovered that over 3,000 HTC Magic smartphones issued to customers contained malware that somehow found its way onto a batch of memory cards prior to deployment. Malware has even been detected in software used with Energizer's DUO USB battery charger.
Consumers purchasing devices off eBay and other sites should remain cautious. While the prices are cheap, buyers may want to stick with trusted sources or break down and purchase a new version at a local retail store. Although nothing is completely safe anymore, out-of-the-box products are less likely to cause severe headaches in the end.
Or, you can just format the device before using it...
- Virgin Galactic Completes First Test Flight
- Skype Finally Hits Verizon Wireless Thursday
- Mozilla Releases Critical Fix for Firefox
- Microsoft's Natal Needs 4 Meters/13 Feet of Space
- GameCrush Lets You Hire a Girl to Play With You
- Apple Starts Selling iPhones Off-Contract
- GPU Cooling Mod Cures Xbox 360 RRoD Problem
- VIDEO: George Takei Blown Away by 4-color TV
- Bill Gates, Toshiba Team Up On Nuclear Reactor
- Opera Shows Apple a Better iPhone Web Browser
- Samsung Galaxy S Packs Super AMOLED, Android
- Microsoft: Natal Does Work in Small Living Rooms
- British Army Developing Force Field
- A Phone That Can Read Your Lips Is Coming
- Microsoft May Have Confirmed Dual-Screen Tablet
- Gmail Now Alerting Users of Suspicious Activity
- AT&T Initially Not Selling iPads Until 3G Arrives
- GameCrush Servers Overloaded in 5 Minutes
- Mars Rover Receives AI, Thinks for Itself
One question - Is it safe to just connect and format?
If it's not I see a market for a program to format "untrusted" devices safely, that is unless they start modding firmware....
Oh my, yet another burst of fuel for virus/malware-paranoia... "Watch out - you can get a virus off Tom's forums! It is theoretically possible...(not)"
Oh my, yet another burst of fuel for virus/malware-paranoia... "Watch out - you can get a virus off Tom's forums! It is theoretically possible...(not)"
It's possible. Depending on how Tom's selects it's ads, a company could easily use an ad to spread malware. But that's beside the point.
One question - Is it safe to just connect and format?
Just make sure that "ALL" AutoRun settings are set to Always Ask and that your Anti-Virus is configured to scan Removeable Drives.
This way the risk of something accidentally getting through before you can check to see what is present will be reduced, whether it be a flash drive, an ipod, a camera or something else.
I am just venting because some friends of mine always suspect viruses are the cause of every computer related problem they have...
I am just venting because some friends of mine always suspect viruses are the cause of every computer related problem they have...
Surfing and downloading habits could play a big part in that.
Why haven't you linked us to the forum Tom?
She probably didn't Format it because it had free music on it. Easy way to prevent the device from getting Formatted is to put good music on it from every genre so that they new owner wont Format it immediately.
Sometimes it seems as if there is no solution or end to the problem.
Easiest fix: Don't run Windows. Plenty of other (better) operating systems to choose from.
i can't tell how much i saw something like this coming. i personally never buy used electronics because stuff like this happens all too often. And with my luck....
Easiest fix: Don't run Windows. Plenty of other (better) operating systems to choose from.
As of right now there is no better operating system for the average consumer than Windows. This coming from a Linux user, it's still not ready for mainstream consumption. Tell the average user that he has to add a module and recompile a kernel to make his Wifi card work and they would crap their pants. Then there is the OSX argument, but the average consumer doesn't want to pay a $600 premium on last gen hardware for a logo and pretty interface.
Tell the average user that he has to add a module and recompile a kernel to make his Wifi card work and they would crap their pants.
Linux user my ass. When have you ever need to recompile the kernal to get WiFi working? Oh wait that's right, you didn't have to, because you're bull****ting. If you're only interested in Web browsing Ubuntu will do the job. It's not really a full fledge linux experience from a lean customization stand point, but it's better than attempting to teach ignorant windows users how not to get their computer raped.
My first thought would have been iTunes, but I suppose its not in this case...
My first thought would have been iTunes, but I suppose its not in this case...
yeah...it does that
stupid P4s at home are intensely slow with 13gb music, and another 3gb movies trying to open..LOL
or simply hold down shift button when connecting a device so the autorun won't start, and format the device
One question - Is it safe to just connect and format?If it's not I see a market for a program to format "untrusted" devices safely, that is unless they start modding firmware....
basically, it's all depending on the "Autorun" feature that comes with windows, once a device is plug into the pc OR in case the "Autorun" was disabled by the user, curiosity if you know what I mean ^_^
I disabled the "Autorun" and check the contents of each device I plug using the command prompt... If I see some malicious code I delete both the Autorun.inf and the executable file...
Hmmm... I think I'll cancel this toaster I just bought off eBay.
As of right now there is no better operating system for the average consumer than Windows. This coming from a Linux user, it's still not ready for mainstream consumption. Tell the average user that he has to add a module and recompile a kernel to make his Wifi card work and they would crap their pants. Then there is the OSX argument, but the average consumer doesn't want to pay a $600 premium on last gen hardware for a logo and pretty interface.
What Distro have you been using? There is no need for anybody to load a module and recompile squat to get Wi-Fi to work, in most Distro's it is set up automatically and if not it's set up using a GUI driven tool. As to the average user, they use what they are given and they cope. The average user is not as stupid as you think and if they were presented with a Linux PC they would cope and get on with it. Virus free of course.
Oh my, yet another burst of fuel for virus/malware-paranoia... "Watch out - you can get a virus off Tom's forums! It is theoretically possible...(not)"
FYI there was a ad server that was spreading(trying to) malware on Toms a while back. FireFox + NoScript + AdBlockPlus = WIN
What I really want to know is: How did digital code steal cash?
basically, it's all depending on the "Autorun" feature that comes with windows, once a device is plug into the pc OR in case the "Autorun" was disabled by the user, curiosity if you know what I mean ^_^I disabled the "Autorun" and check the contents of each device I plug using the command prompt... If I see some malicious code I delete both the Autorun.inf and the executable file...
I was really thinking along the lines of modding the firmware to spoof a usb id to windows, allowing it to think it's recognized device(i.e. certain printers) in an attempt execute code.
None the less good advice to turn autorun off and generally be careful of unknown files....
What I really want to know is: How did digital code steal cash?
Cash has always been about trust, unfortunately we trust 1's and 0's these days. If you can manipulate the numbers one way or another you can get cash.
Online banking details of one user > worthless card skimmed account of another + atm = cash.
Credit card details > empty house > goods bought online sold cheap = cash.
The good thing is that it's easier to track. So if they are gonna steel my info, i'd rather it be through an ebay item in which I have evidence and the police have something to work with, rather than some random drive by download.
How do you format a thumb drive or iPod without connecting it to your PC?
What Distro have you been using? There is no need for anybody to load a module and recompile squat to get Wi-Fi to work, in most Distro's it is set up automatically and if not it's set up using a GUI driven tool. As to the average user, they use what they are given and they cope. The average user is not as stupid as you think and if they were presented with a Linux PC they would cope and get on with it. Virus free of course.
I didn't really clarify that enough, not to install all wifi, just when new hardware isn't supported. I actually ran into this recently with a card that came with a mini itx motherboard. I have installed Linux on my girlfriends pc, and her probably being the average user has had too many problems with it, but then again I've been around to fix/install stuff and refer her to open source alternatives to programs she used in Windows. Regular consumers aren't dumb, just upset when things don't work automatically.
Hmmm... I think I'll cancel this toaster I just bought off eBay.
I didn't think Fermi was for sale yet?