Security

Taiwanese cops give malware-laden USB sticks as prizes for security quiz

What was second prize? We think we'd rather have that

By Richard Chirgwin

17 SHARE

Winners of a security quiz staged by Taiwan's Criminal Investigation Bureau may be wondering why they tried so hard to do well after some of the USB drives handed out as prizes turned out to be wretched hives of malware and villainy.

According to the Taipei Times, the Bureau hosted an infosec event in December 2017, and gave 250 drives to people who won a cybersecurity quiz.

It's since emerged that 54 of the 8GB drives were infected by a computer used by an employee of supplier Shawo Hwa Industries Co “to transfer an operating system to the drives and test their storage capacity”.

While the dongles were manufactured in China, the Taipei Times said there's no suggestion that espionage was a motive.

The good news is that the infection was an old virus Chinese-language site Liberty Times names as “XtbSeDuA.exe” that tries to steal personal data from 32-bit machines.

The CIB says stolen data was forwarded to a relay IP address in Poland which in 2015 was associated with 2015 Europol raids on an electronic funds fraud ring. The police added that the server receiving the data from the latest infections has been shut down.

The prizes were handed out from December 11 to December 12, when complaints from the public started arriving, but 34 of the drives are still in circulation somewhere. ®

Sign up to our NewsletterGet IT in your inbox daily

17 Comments

More from The Register

Google Play Store spews malware onto 9 million 'Droids

How did these get through the net?

Microsoft distie Entatech goes TITSUP

KPMG appointed to pick over bones of Midlands-based biz

Wannacry-slayer Marcus Hutchins pleads guilty to two counts of banking malware creation

'I regret these actions and accept full responsibility for my mistakes'

Lazarus Group rises again from the digital grave with Hoplight malware for all

Norks trigger Uncle Sam's alarm with attack variant

Cover your NASes: QNAP acknowledges mystery malware but there's no patch yet

Anti-antivirus root-rooting weirdness just gets deeper

Late with your financial paperwork? Here's a handy excuse: Malware smacked your bean-counter cloud offline

Accountancy SaaS CCH falls over, thanks to nasty infection

Google's secret to a healthy phone? Remote-controlling your apps

Look Ma, no not much malware!

McAfee: Oops, our bad. Sharpshooter malware was the Norks' Lazarus Group the whole time

Access to C'n'C server data shows state hackers weren't smart enough for false flags

Banking trojan-slingers slip past Google Play's malware defences

BankBot nestled within allegedly 'fun' mobile game

Google Play Protect is 'dead last' at fingering malware on Android

Don't expect ads giant to stop all software nasties for you – it certainly can't