Five Places Where Malware Hides
Malware has to live somewhere. And while some Web filtering solutions can detect known malware hosts, most malware hides in sites that are otherwise benign.
I've heard stories for, oh gosh, at least a year, maybe longer, about foreign-made gadgets being pre-loaded with malware. To be honest, I haven't used a USB memory stick in I don't know how long because of this concern.
That in mind, I'm not sure if I'm relieved or angry that the Department of Homeland Security (DHS) is just now getting around to telling us that the government has been aware of this threat for some time. According to an article on PCWorld:
Greg Schaffer, DHS assistant secretary for cybersecurity and communications ... admitted he is aware of instances when foreign-made technology was built with embedded security risks but did not elaborate on what kind of equipment DHS has encountered. He also pointed out that overseas components are found in many domestically manufactured electronics.
This revelation came as Schaffer testified to the House Oversight and Government Reform Committee. It also comes six months after a January U.S.-China Economic and Security Review Commission staff report that stated that concerns about tampering with hardware was theoretical.
ABC News reported earlier on an FBI investigation that looks at whether or not counterfeit routers and other hardware coming from China and installed on U.S. government computers were actually providing an opening for hackers. The ABC News article said:
Sources told ABC News the counterfeit hardware could represent a major breach to national security. An FBI PowerPoint presentation, which somehow ended up on a Web site, lays out the concerns and the breadth of what has been a far-reaching investigation.
Schaffer didn't say whether the equipment he was talking about included end-user consumer tech like retail laptops, DVDs and media players. If so, his comments, first reported Friday morning by Fast Company, would be the first time the United States has publicly confirmed that foreign consumer technology is arriving in the country already loaded with nasty bugs like key-logging software, botnet components and even software designed to defeat security programs installed on the same machine.