maybe they should listen to their own advice and run anti-virus in their office so that workers can't infect machines by accident.

Is it just me or is there an increasing number of these happenings.

Why USB devices such as keys, Ipods etc shouldnt be allowed anywhere near the corporate network.

This kind of thing could well be more of a problem than data theft that these devices are advertised as being capable of by the sofftware vendors.

Disable USB in bios (password Protected) PS2 keyboards and Mice only

Factory worker accidentally infects device image master? totally plausible scenario.

The Iliad has a Trojan Horse in it?

If there were ever a definition of poetic justice, this has to be it.

...it's Linux, how can it have malware on it?!

</irony>

The device is Linux powered, BUT it is detected as a mass storage device by Windows. It's not Linux itself that is infected by the trojan(chances are if someone hacked about with the device and installed Wine there is the possibility that it would at least attempt to run the trojan, but that wouldn't happen automatically, and there's no guarantee that Wine would run it anyway!).

It's just the same as if someone had a trojan on USB pen drive, CD/DVD, iPod, the device themselves don't run the trojan (I haven't yet heard of an iPod running Windows), it's the Windows device with it's Autorun enabled that is running trojan.

I find it shocking that it made it through quality control to be honest.

Rob

http://www.microsoft.com/whdc/device/storage/usbfaq.mspx

Q: What must I do to trigger Autorun on my USB storage device?

The Autorun capabilities are restricted to CD-ROM drives and fixed disk drives. If you need to make a USB storage device perform Autorun, the device must not be marked as a removable media device and the device must contain an Autorun.inf file and a startup application.

But it's not hard to make it autorun:

"The removable media device setting is a flag contained within the SCSI Inquiry Data response to the SCSI Inquiry command. Bit 7 of byte 1 (indexed from 0) is the Removable Media Bit (RMB). A RMB set to zero indicates that the device is not a removable media device. A RMB of one indicates that the device is a removable media device. Drivers obtain this information by using the StorageDeviceProperty request." (same link)

I wouldn't be surprised if hardware manufacturers like to "help" people by enabling autorun in this way.

Didn't El Reg run a story a couple of months back about Adobe and Yahoo!(?) entering into a deal to _deliberately_ infect .pdf documents with adware?

I know, these types will always _claim_ it's "accidental", but somehow it sounds like a proof-of-concept of some sort, to me.

Never trust a Philippino bearing gifts!

Mine's the jacket next to the large shoe collection.

More likely that factory worker was slipped a few dollars by a VX gang: "Hey matey, if you just pop this file into the master disc for us we'll see your family gets fed for another week". Given the two cents an hour those workers probably earn, and the violence with which they are all too familiar, it would have been an "offer too good to refuse"...

Paris because she knows the effectiveness of slipping third-world workers a few dollars...