Santa left a virus under the Christmas tree

Amazon has warned its customers that one of Samsung’s digital picture frames shipped to customers infected with a virus. While Samsung has some egg on its face, malware that ships on consumer hardware is not as serious of an issue as it may seem.

Earlier this week Amazon alerted its customers to an issue affecting the installation CD that shipped with the Samsung SPF-85H 8 inch Digital Picture Frame. Apparently the CD shipped with a copy of the W32.Sality.AE virus. Amazon is recommending that people download a recent copy of the application directly from Samsung’s website rather than using the CD.

So yes, this is embarrassing for Samsung. It shows that either they or the subcontractor who cut the CD need to tighten up their processes surrounding manufacturing systems. There is no reason for those machines to be exposed to malware, let alone not run up-to-date anti-virus to catch these infections.

The customers have a pretty low likelihood of being infected by this malware, though. Any system running up-to-date anti-virus would have been guaranteed to spot the potential infection, as the delay between when the CD was first cut and when the customer attempted to install the application was far longer than the average amount of time it takes for a piece of malware to be detected by an anti-virus package. If the system wasn’t running an up-to-date anti-virus package, well, it probably had oodles of malware already, and the marginal cost of one more infection is pretty small.

I suspect next year Samsung will be asking Santa for security people who are tightwads about compliance.

[Source: zdnet]