List of commercial products that included malware

November 16, 2015

You can't help but get the feeling that the current level of infected computers is a bit out of control when Microsoft has to revise one of their patches to address the volume of computers out there infected with malware that BSOD when the patch is installed:

"Microsoft revised this bulletin ... due to a change in the package installation logic that prevents the installation of the security update if certain abnormal conditions exist on a system. These abnormal conditions on a system could be the result of an infection with a computer virus that modifies some operating system files, which renders the infected computer incompatible with the MS10-015 update."

In Cisco's 2009 Annual Security Report, they quantified this into a metric which they called "the Cisco Global ARMS Race Index" and gave the world an overall rating of 7.2 for December 2009, meaning that "enterprise networks are experiencing persistent infections and consumer systems are infected at levels capable of producing consistent and alarming levels of service abuse."

Perhaps in light of this reality it should come to no surprise to learn that certain commercial products have also been found to contain malware. Below is the list of commercial products that included malware either within the product hardware itself, in the software bundled with the product, or in the software downloaded from the manufacturer when it appears that the manufacturer's web site was not compromised.

While researching this topic there were sometimes various articles stating that malware was found on a particular device (digital photo frames, MP3 players, and USB keys were the most common). On occasion it could be seen that these articles all referred to the same source, which appeared to be mostly based on one or a few user's personal experience after returning home with the product, plugging it into their computer and seeing their antivirus software react. It is important to consider that in some cases this may be the result of a product being returned to the store by a previous buyer who either intentionally or unintentionally transferred malware to it, and the store repackaging and reselling the item.

There is no guarantee that the list below is up to date or includes all known cases.


2015

Martel Frontline Body Camera: Body cameras sold by Martel Electronics came pre-infected with Conficker (Win32/Conficker.B!inf).1


2014

Star N9500 Android smartphone: Comes pre-installed with Android malware Android.Trojan.Uupay.D which is disguised as the Google Play Store.2


2012

HP ProCurve 5400 switches: Certain HP ProCurve 5400 zl switches contained compact flash cards that were infected with malware.3


2011

Fission 4-in-1 external hard drive: Fission 4-in-1 external hard drives (HDD, DVD, USB, card reader) sold by Aldi supermarket were infected with the conficker worm.4


2010

Dell PowerEdge Server Motherboards: Replacement motherboards for Dell PowerEdge R310, R410, R510 and T410 servers sent via Dell's service and replacement process included the W32.Spybot worm within the flash storage.5,6

Olympus Stylus Tough 6010 digital camera: 1700 of the cameras distributed in Japan included autorun malware on the internal memory card.7,8

Samsung S8500 Wave smartphones: The initial production run of the Samsung S8500 Wave smartphones for the German market were shipped with the trojan Win32/Heur on the 1 GB microSD memory cards.9

Energizer DUO USB Battery Charger Software: Software component for the USB battery charger on Energizer website installs a backdoor identified as Trojan.Arugizer.10,11,12

Vodafone HTC Magic: Mariposa botnet client tries to autorun when the phone is plugged into a computer's USB port.13,14


2009

M&A Companion Touch Notebook: The copy of Windows XP on the computer included the following malware: Worm.Win32.AutoRun.aayn, Rootkit.Win32.Agent.hwq and Packed.Win32.Krap.g.15

ComputerBild Magazine: The cover CD-ROM of Germany's popular computer magazine included a tool infected with the W32/Induc-A Delphi virus.16


2008

Samsung SPF Digital Photo Frames: W32.Sality.AE worm found on the Samsung Frame Manager XP 1.08 installation disc.17,18

Asus Eee Box desktop computer: W32/Usbalex worm located on the Eee Box's D: partition.19,20

Insignia Digital Photo Frames: Some of the frames were infected with malware during the manufacturing process.21

HP USB keys for Proliant servers: The 256MB and 1GB USB drives had the malware W32.Fakerecy and W32.SillyFDC.22,23


2007

Maxtor Basics Personal Storage 3200 hard drives: Came with Virus.Win32.AutoRun.ji on the hard drives.24,25

TomTom GO 910 satnav: Malware win32.Perlovga.A Trojan and TR/Drop.Small.qp identified on the satnav hard drive within the files copy.exe and host.exe.26,27

Medion MD 96290 Laptops: Part of the production of Medion MD 96290 laptops sold at Aldi in Germany were infected with a boot virus originating from early 1994 called Stoned.Angelina.28


2006

McDonalds promotional MP3 players: Preloaded with a variant of the QQPass password-stealing trojan.29

Apple iPods: Some Video iPods available for purchase after September 12 2006 left their contract manufacturer carrying the malicious file RavMonE.exe.30,31

HP printer drivers for Officejet g85 All-in-One printer: Drivers on HP's web site for the Korean version of an HP Officejet printer were infected with the Funlove virus, the same virus that had plagued HP in December 2000.32


2005

Sony BMG music CD rootkit: A famous case, Sony BMG Music Entertainment distributed a copy-protection scheme with music CDs that secretly installed a rootkit on computers.33


2000

HP printer drivers: HP distributed printer drivers infected with the Funlove virus, likely after the computer of a developer working on the driver software became infected and uploaded them onto HP's web server. Subsequent checks in Japan revealed that 51 program files for printer and BIOS drivers for servers had become infected.34


Originally posted March 13, 2010


1. "Police Body Cameras Shipped with Pre-Installed Conficker Virus", Softpedia, November 15, 2015

2. "Android smartphone shipped with spyware", G DATA SecurityBlog, June 16, 2014

3. "HPSBPV02754 SSRT100803 rev.1 - HP ProCurve 5400 zl Switch, Compact flash card virus", HP, April 10, 2012

4. "Aldi recalls Conficker-infected hard drives", CRN Australia, July 29, 2011

5. "PowerEdge R410 replacement motherboard contains malware?!", Dell Community, July 20, 2010

6. "Dell's response to motherboard malware causes confusion", InfoWorld, July 21, 2010

7. "Olympus apologises after shipping malware-laced cameras in Japan", The Register, June 9, 2010

8. "Olympus Stylus Tough camera carries malware infection", Sophos, June 8, 2010

9. "Samsung Wave shipping with infected microSD card (confirmed, limited to first run)", Engadget, June 2, 2010

10. "Back Door Found in Energizer DUO USB Battery Charger Software", Symantec, March 5, 2010

11. "US-CERT Vulnerability Note VU#154421", US-CERT, March 5, 2010

12. "Energizer Malware", SANS Internet Storm Center, March 9, 2010

13. "Vodafone distributes Mariposa - Part 2", Panda Research Blog, March 17, 2010

14. "Vodafone Android Phone: Complete with Mariposa Malware", SANS Internet Storm Center, March 9, 2010

15. "Another infected device", Kaspersky Lab, May 18, 2009

16. "Magazine ships Induc Delphi virus on cover CD ROM", Sophos, August 20, 2009

17. "Bought a Samsung Digital Photo Frame Recently ??? Free Virus Included", Amazon.com, December 22, 2008

18. "Information Consommateur Cadres Photo Samsung", Samsung, November 27, 2008

19. "Asus Admits That a Virus Shipped With Some Eee Box Mini PCs", Gizmondo, October 8, 2008

20. "ASUS Press Release", ASUS, October 2, 2008

21. "Best Buy Sold Infected Digital Picture Frames", InformationWeek, January 24, 2008

22. "HP USB Floppy Drive Key (Option) for ProLiant Servers, Local Virus Infection", HP, April 3, 2008

23. "HP ships USB sticks with malware", CNET News, April 9, 2008

24. "Maxtor Basics Personal Storage 3200", Seagate

25. "Kaspersky Lab findet Virus auf externen Festplatten", Kaspersky, September 24, 2007

26. "TomTom admits Satnav device is infected with virus", DaniWeb, January 28, 2007

27. "Virus located in TomTom GPS systems", InfoWorld, January 29, 2007

28. "Boot Virus Stoned.Angelina on Medion Laptops sold at Food Discounter Aldi", McAfee Blog Central, September 13, 2007

29. "McDonalds ships MP3 players with a trojan", F-Secure Weblog, October 16, 2006

30. "Small Number of Video iPods Shipped With Windows Virus", Apple

31. "Malware shipped on Apple Video iPods", Sophos, October 17, 2006

32. "HP Hit With Funlove Virus Again", PCWorld, June 2, 2006

33. "Real Story of the Rogue Rootkit", Wired, November 17, 2005

34. "HP distributes virus infected drivers", The Register, January 24, 2001