funsec mailing list archives
Re: Spyware infection prompts McDonalds MP3 recall
From: Ron <iago () valhallalegends com>
Date: Mon, 16 Oct 2006 18:50:03 -0500
Does anybody know if it was possible to use "autorun" on the key to infect the systems, or would the user have to have opened the key and double-clicked on the malware?
From a cursory check on Google, it seemed to me that USB devices won't
autorun on Windows, but I'm not convinced that it can't happen. Ron rms () bsf-llc com wrote:
http://www.theregister.com/2006/10/16/mcd_spyware_mp3_recall/ Spyware infection prompts McDonalds MP3 recall Bitter aftertaste to Coke promo By John Leyden <http://forms.theregister.co.uk/mail_author/?story_url=/2006/10/16/mcd_spyware_mp3_recall/> ? More by this author <http://search.theregister.com/?author=John%20Leyden> Published Monday 16th October 2006 10:40 GMT Find your perfect job - click here for thousands of tech vacancies. <http://ad.doubleclick.net/clk;39093442;13533154;c?http://www.jobsite.co.uk/> McDonalds Japan has launched a recall after discovering that MP3 players it offered as a prize were loaded with a particularly nasty strain of malware. Up to 10,000 people might have been exposed to the problem after claiming a Flash MP3 player pre-loaded with ten tunes and a variant of the QQpass spyware Trojan <http://www.symantec.com/security_response/writeup.jsp?docid=2003-031213-1641-99>. Punters received the contaminated gift after purchasing a large drink form the fast-food chain in Japan and submitting a serial number contained on the beverage holder as part of a competition, sponsored by McDonalds and Coca-cola. Users who connected the McDonalds-branded MP3 player to their Windows PC were exposed to spyware code programmed to transmit their web passwords and other sensitive information to hackers. The cause of the accidental infection is unclear but past experience suggests a contaminated machine involved in loading content onto the players is the likely culprit. McDonalds Japan has apologized for the cock-up and established a helpline designed to handle the recall of the infected MP3 players and send out uncontaminated music gizmos. A Japanese-language statement <http://www.mcd-holdings.co.jp/news/2006/release-061013.html> ------------------------------------------------------------------------ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Spyware infection prompts McDonalds MP3 recall rms (Oct 16)
- RE: Spyware infection prompts McDonalds MP3 recall Larry Seltzer (Oct 16)
- Re: Spyware infection prompts McDonalds MP3 recall Ron (Oct 16)
- Re: Spyware infection prompts McDonalds MP3 recall Dude VanWinkle (Oct 16)
- Re: Spyware infection prompts McDonalds MP3 recall Rob, grandpa of Ryan, Trevor, Devon & Hannah (Oct 16)