Security

Taiwanese cops give malware-laden USB sticks as prizes for security quiz

What was second prize? We think we'd rather have that

By Richard Chirgwin

17 SHARE

Winners of a security quiz staged by Taiwan's Criminal Investigation Bureau may be wondering why they tried so hard to do well after some of the USB drives handed out as prizes turned out to be wretched hives of malware and villainy.

According to the Taipei Times, the Bureau hosted an infosec event in December 2017, and gave 250 drives to people who won a cybersecurity quiz.

It's since emerged that 54 of the 8GB drives were infected by a computer used by an employee of supplier Shawo Hwa Industries Co “to transfer an operating system to the drives and test their storage capacity”.

While the dongles were manufactured in China, the Taipei Times said there's no suggestion that espionage was a motive.

The good news is that the infection was an old virus Chinese-language site Liberty Times names as “XtbSeDuA.exe” that tries to steal personal data from 32-bit machines.

The CIB says stolen data was forwarded to a relay IP address in Poland which in 2015 was associated with 2015 Europol raids on an electronic funds fraud ring. The police added that the server receiving the data from the latest infections has been shut down.

The prizes were handed out from December 11 to December 12, when complaints from the public started arriving, but 34 of the drives are still in circulation somewhere. ®

Sign up to our NewsletterGet IT in your inbox daily

17 Comments

More from The Register

Google Play Store spews malware onto 9 million 'Droids

How did these get through the net?

Microsoft distie Entatech goes TITSUP

KPMG appointed to pick over bones of Midlands-based biz

Cover your NASes: QNAP acknowledges mystery malware but there's no patch yet

Anti-antivirus root-rooting weirdness just gets deeper

Google's secret to a healthy phone? Remote-controlling your apps

Look Ma, no not much malware!

Google logins make JavaScript mandatory, Huawei China spy shock, Mac malware, Iran gets new Stuxnet, and more

Roundup Plus, SystemD gets system de-bugged, again

Malware-flinger stingers, indexing and ever-changing data access patterns

Roll up, roll up for an end-of-holiday storage roundup

Banking trojan-slingers slip past Google Play's malware defences

BankBot nestled within allegedly 'fun' mobile game

Google Play Protect is 'dead last' at fingering malware on Android

Don't expect ads giant to stop all software nasties for you – it certainly can't

Q. What connects the global financial crisis, Ursnif malware, and Coldplay's Viva la Vida?

A. Bad things from 2008 we can't seem to shake

Another month, another malware outbreak in Google's Play Store

50 apps get pulled as ExpensiveWall malware runs riot in the store