Razer ships malware with drivers

Razer ships malware with drivers

Razer's support site is temporarily offline while the company investigates how eight driver packages came to be infected with a Trojan.

Peripheral manufacturer Razer was left with egg on its face this week by the revelation that it had been unwittingly distributing malware with its driver updates.

The Trojan - troj.dropper.jiz, which downloads and installs a copy of worm.aspxor.ab - was spotted on Razer's product support website by anti-virus vendor Trend Micro - and reported by DownloadSquad - earlier this week.

Trend Micro's analysis of the website has shown that at least eight separate driver packages offered by Razer's support site came with the unwanted bonus, and the company claims that only "7 out of 41 [anti-virus] vendors offered generic detection" of this particular worm - meaning it's potentially difficult for an end-user to know that they've been infected.

The worm, which spreads by opening a random TCP port on the infected system and connecting to external SMTP servers in order to send spam with itself as an attachment, isn't a particularly nice thing to have installed on your system: accordingly, Razer are advising users to make use of free anti-virus scanners available online from Trend Micro and Avast.

Razer has temporarily taken its support site offline while it investigates the issue and checks to make sure it has caught all instances of the Trojan before making driver downloads available once more.

This isn't the first time a trusted brand has been subverted to spread malware, of course: sites as big as The New York Times have been used to peddle Trojans in the past, and even computers which aren't connected to the Internet aren't necesarilly safe with peripherals and even the computers themselves coming pre-loaded with viruses. The lesson is: if you use Windows, install an anti-virus package.

Any Razer users worried that they might have opened their system up to abuse by updating their mouse drivers, or is the issue unlikely to have spread very far before being noticed? Share your thoughts over in the forums.


Discuss in the forums Reply
Jack_Pepsi 23rd September 2009, 10:58 Quote
plagio 23rd September 2009, 11:38 Quote
Oh noes indeed. I have avira antivirus and never seen a warning while updating my razer driver.
Is it know which are these 8 drivers that are infected ? Is it known which are these 7 antivirus programs that do detect the worm ?

I couldn't find anything on the Trend Micro and Avast sites.
mjm25 23rd September 2009, 12:40 Quote
OH NOES! indeed! i guess we always assume that if a company sells geektastic products then they aren't gonna bundle malware crap with their software. i was initially worried... until i read further and i'm already using Avast... so now i'm more confused (using a Deathadder although it's using stable drivers and firmware from over a year ago) am i safe? who knows...

UPDATE: apparently only since the 19th September has it been affected... so i guess the software files aren't inherently affected, but only if you downloaded them while the Trojan was present. still it's more than a bit poo
Jack_Pepsi 23rd September 2009, 13:56 Quote
It's the fact that it happened!

Then again these things happen for a reason - the consequences should be that it doesn't happen again. That they tighten their security on what gets uploaded. I'll be interested to see what happens, if they release any news on how it happened and what they're doing about it.
rpsgc 23rd September 2009, 14:23 Quote
Their evil plan of world domination has been thwarted!
Aracos 23rd September 2009, 14:49 Quote
Good thing I don't bother updating my mouse drivers, not updated it for about 3-4 months so I'm safe :D

Anyway how could they let this happen? Is it on purpose or is it just someone being naughty when compiling the drivers?
Kovoet 23rd September 2009, 20:52 Quote
Hence why I use Trend Micro
OWNED66 24th September 2009, 12:37 Quote
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.

Discuss in the forums