The Hot New Netbook Trend: Built-In Malware

Windows netbooks ship with some fascinating new features these days. . . like pre-installed malware.

Computerworld.com has the full story:

After discovering attack code on a brand new Windows XP netbook, antivirus vendor Kaspersky Labs warned users yesterday that they should scan virgin systems for malware before connecting them to the Internet.

When Kaspersky developers installed their recently-released Security for Ultra Portables on an M&A Companion Touch netbook purchased for testing, "they thought something strange was going on," said Roel Schouwenberg, a senior antivirus researcher with the Moscow-based firm. Schouwenberg scanned the machine -- a $499 netbook designed for the school market -- and found three pieces of malware.

"This was done at the factory," said Schouwenberg. "It was completely brand new, still in its packaging."

Where do you start with a fiasco like this? For starters, it provides fresh ammo for people who want to strip away some of the product-liability exceptions IT vendors currently enjoy.

Kaspersky's solution, by the way, is a real winner. The company suggests that netbook buyers who are concerned about pre-installed malware run an anti-virus scan before connecting their new systems to the Internet. This is a colossal pain, since it involves updating the anti-virus software on a separate PC, transferring the updated version to a buyer's new netbook, and then running the scan.

Fortunately, Kaspersky's researchers didn't find a rootkit on the infected netbook. Most anti-virus scanners can't detect rootkits at all, and victims might never discover that some dirtbag is busy uploading their passwords and bank account information.

Could a Linux netbook fall prey to the same stupid mistake? Not likely, since the malware apparently originated on a USB key drive used to install driver updates on the affected netbook. Linux isn't immune to malware, but it's safe to say that it takes a lot more to infect a desktop Linux system than a dirty USB stick.

I'm not surprised Kaspersky failed to point out this fact. Although the company has insisted for quite a while that Linux and Mac OS X will fall prey to the same malware that afflicts Windows systems, Linux and Mac users are still waiting for doomsday to dawn on them.

Don't hold your breath.