bit-tech.net

Samsung ships Wave with added malware

Samsung ships Wave with added malware

The bada-based Samsung Wave is surprising users in Germany with an added extra: malware.

Buyers of Samsung's new bada-based handset, the S8500 Wave, have got more than they bargained for thanks to malware that appears to have found its way onto the included microSD card.

According to Mobile Burn, a 'test unit' shipped from Seoul - originally destined to be sent for sale in Germany - arrived with a worm in a file titled slmvsrv.exe which attempts to automatically run if the handset is connected to a Windows-based PC.

Should the file succeed in running, it will attempt to copy both itself and the autorun file runs it to any connected removable storage in order to spread.

With timestamps indicating that the card was infected in May, it is most likely that the infection is the result of a slip-up at the factory rather than a malicious act by those who supplied the handset to Mobile Burn for review.

The issue doesn't appear to be restricted to test units, either: threads are appearing across the Internet indicating that users who bought their handsets in Germany are also finding themselves fighting a worm infection.

This isn't the first time malware has found its way onto a device from the factory: back in July last year Toshiba TG01 smartphones were supplied with a virus in internal memory, interestingly again from a German supplier. Other devices to have been affected in this way recently include digital photo frames, brand-name PCs, and even gifts at a security conference.

Are you surprised to see a handset make it onto the open market with a nasty little worm added into the bargain, or will this sort of thing keep happening until companies invest more into their overseas production facilities - or at least buy them an up-to-date virus scanner? Share your thoughts over in the forums.

22 Comments

Discuss in the forums Reply
rickysio 2nd June 2010, 10:24 Quote
Bada BOOM!
mecblade 2nd June 2010, 10:30 Quote
LOLZ

first IBM ship free flash devices with a extra gift, worms
now, samsung is doing the same XD, its worm infection mania
shanky887614 2nd June 2010, 11:09 Quote
4 words

get a f****** firewall

then you wont ever have these problems
god people think anti-virus programs protect you, its like plasters there useless till you cut youself on something

anti-virus programs dont protect you they just get rid of it


the problem is most anti-virus programs are signiture bassed in the fact they only scan for items in there database so any of the millions of viruses created saily could infect your pc without you realising
deathtaker27 2nd June 2010, 11:20 Quote
wow, who will be next, taking all bets!
rickysio 2nd June 2010, 11:22 Quote
Quote:
Originally Posted by shanky887614
4 words

get a f****** firewall

then you wont ever have these problems
god people think anti-virus programs protect you, its like plasters there useless till you cut youself on something

anti-virus programs dont protect you they just get rid of it


the problem is most anti-virus programs are signiture bassed in the fact they only scan for items in there database so any of the millions of viruses created saily could infect your pc without you realising

What makes you think Firewalls are bullet proof?

Or in 4 words : Firewalls are F****** PERFECT?
shanky887614 2nd June 2010, 11:51 Quote
Quote:
Originally Posted by rickysio
Quote:
Originally Posted by shanky887614
4 words

get a f****** firewall

then you wont ever have these problems
god people think anti-virus programs protect you, its like plasters there useless till you cut youself on something

anti-virus programs dont protect you they just get rid of it


the problem is most anti-virus programs are signiture bassed in the fact they only scan for items in there database so any of the millions of viruses created saily could infect your pc without you realising

What makes you think Firewalls are bullet proof?

Or in 4 words : Firewalls are F****** PERFECT?

no, im talking from experience

i have got a decent firewall that asks me everytime an unsigned exe tries to run or edit any registry values or any other system critical components itr also lets me trust any programs and remembers the choices i make so yes certain firewalls are bullet proof to an ecstent, by firewall i am refering to a "hips" not a bog standard fireall you get with an antivirus

host-bassed intrusion protection system and it dose work becasue i bought a game the other day that had maleare on the disk and it picked it up right away while my antivirus was silent
TomH 2nd June 2010, 12:50 Quote
Quote:
Originally Posted by shanky887614
Quote:
Originally Posted by rickysio
Quote:
Originally Posted by shanky887614
4 words

get a f****** firewall

then you wont ever have these problems
god people think anti-virus programs protect you, its like plasters there useless till you cut youself on something

anti-virus programs dont protect you they just get rid of it


the problem is most anti-virus programs are signiture bassed in the fact they only scan for items in there database so any of the millions of viruses created saily could infect your pc without you realising

What makes you think Firewalls are bullet proof?

Or in 4 words : Firewalls are F****** PERFECT?

no, im talking from experience

i have got a decent firewall that asks me everytime an unsigned exe tries to run or edit any registry values or any other system critical components itr also lets me trust any programs and remembers the choices i make so yes certain firewalls are bullet proof to an ecstent, by firewall i am refering to a "hips" not a bog standard fireall you get with an antivirus

host-bassed intrusion protection system and it dose work becasue i bought a game the other day that had maleare on the disk and it picked it up right away while my antivirus was silent
Firewalls, by definition, enforce network traffic policies, not registry edits.

And as a word of friendly advice, please turn on the spell checking in your web browser. There's nothing worse than someone trying to preach (naively or otherwise) their specific viewpoint with more spelling mistakes than words. You could be dyslexic, foreign or both, but it's still no excuse not to use the tools that have been provided for years.

Edit: On another note, I really hope this doesn't delay the Galaxy S - really looking forward to getting my hands on one of those.
Bauul 2nd June 2010, 13:36 Quote
Quote:
Originally Posted by TomH

And as a word of friendly advice, please turn on the spell checking in your web browser.

There are spell checkers in web browsers?
shanky887614 2nd June 2010, 13:46 Quote
Quote:
Originally Posted by TomH
Quote:
Originally Posted by shanky887614
Quote:
Originally Posted by rickysio
Quote:
Originally Posted by shanky887614
4 words

get a f****** firewall

then you wont ever have these problems
god people think anti-virus programs protect you, its like plasters there useless till you cut youself on something

anti-virus programs dont protect you they just get rid of it


the problem is most anti-virus programs are signiture bassed in the fact they only scan for items in there database so any of the millions of viruses created saily could infect your pc without you realising

What makes you think Firewalls are bullet proof?

Or in 4 words : Firewalls are F****** PERFECT?

no, im talking from experience

i have got a decent firewall that asks me everytime an unsigned exe tries to run or edit any registry values or any other system critical components itr also lets me trust any programs and remembers the choices i make so yes certain firewalls are bullet proof to an ecstent, by firewall i am refering to a "hips" not a bog standard fireall you get with an antivirus

host-bassed intrusion protection system and it dose work becasue i bought a game the other day that had maleare on the disk and it picked it up right away while my antivirus was silent
Firewalls, by definition, enforce network traffic policies, not registry edits.

And as a word of friendly advice, please turn on the spell checking in your web browser. There's nothing worse than someone trying to preach (naively or otherwise) their specific viewpoint with more spelling mistakes than words. You could be dyslexic, foreign or both, but it's still no excuse not to use the tools that have been provided for years.

Edit: On another note, I really hope this doesn't delay the Galaxy S - really looking forward to getting my hands on one of those.

a hips is a firewall and it alerts you when an exe tries to edit the registry and other items

please do your research before you post and dont be a grammer nazi

(here is link search for hips on page)
http://en.wikipedia.org/wiki/Intrusion_prevention_system#Host-based
Bauul 2nd June 2010, 13:55 Quote
Quote:
Originally Posted by shanky887614

a hips is a firewall and it alerts you when an exe tries to edit the registry and other items

please do your research before you post and dont be a grammer nazi

Not to get too invovled with this terribly productive argument, but I looked up HIPS as they sounded quite interesting, but it appears they're not just firewalls, but a whole series of interconnecting solutions.

http://en.wikipedia.org/wiki/Host-based_intrusion-prevention_system#Host-based

Shame they sound so resource hungry, it's a good idea otherwise.
rickysio 2nd June 2010, 16:37 Quote
Quote:
Originally Posted by Bauul
Quote:
Originally Posted by TomH

And as a word of friendly advice, please turn on the spell checking in your web browser.

There are spell checkers in web browsers?

Yes.
theflatworm 2nd June 2010, 17:46 Quote
Quote:
Originally Posted by rickysio
Quote:
Originally Posted by Bauul
Quote:
Originally Posted by TomH

And as a word of friendly advice, please turn on the spell checking in your web browser.

There are spell checkers in web browsers?

Yes.

How do I get it to work in FF? I checked the options, and it appears to be turned on, but it isn't actually doing anything...
shanky887614 2nd June 2010, 18:23 Quote
Quote:
Originally Posted by Bauul
Quote:
Originally Posted by shanky887614

a hips is a firewall and it alerts you when an exe tries to edit the registry and other items

please do your research before you post and dont be a grammer nazi

Not to get too invovled with this terribly productive argument, but I looked up HIPS as they sounded quite interesting, but it appears they're not just firewalls, but a whole series of interconnecting solutions.

http://en.wikipedia.org/wiki/Host-based_intrusion-prevention_system#Host-based

Shame they sound so resource hungry, it's a good idea otherwise.

well they are like an antivirus, some are more resource demanding than others for example
my hips (comodo) hardly takes any resoruce 1-3mb usually

here is screenshot

http://img218.imageshack.us/img218/760/comodo.png
TomH 2nd June 2010, 19:03 Quote
Quote:
Originally Posted by shanky887614
a hips is a firewall and it alerts you when an exe tries to edit the registry and other items

please do your research before you post and dont be a grammer nazi

(here is link search for hips on page)
http://en.wikipedia.org/wiki/Intrusion_prevention_system#Host-based
And because one company calls a duck a goose, you're going to believe that?

Furthermore, IPS/IDS or bog-standard layer 3/4 firewall, the definition still doesn't fit the bill of a local application modifying your local registry. I've done plenty of research. ;)

<pedant>Grammar nazi, I am also not. I'm a spelling nazi when required. And your posts were abusing the amount of brain power required to interpret them.</pendant>

If you weren't too busy being an opinionated oik, you'd have realised that I made a polite suggestion rather than attacking you personally.
Quote:
Originally Posted by theflatworm
How do I get it to work in FF? I checked the options, and it appears to be turned on, but it isn't actually doing anything...
I'm not sure - perhaps you need to restart FF to get it working? I'm almost 100% sure that it's an Ubuntu default to have it on, as I can't remember having to actually switch it on. Perhaps change the dictionary from en-US to en-GB, but not enable it altogether.

If it wasn't obvious, I should point out that it only works for text input boxes (or other form input fields) like the one I'm using to write this reply 'ere. :D
cyrilthefish 2nd June 2010, 19:06 Quote
Quote:
Originally Posted by theflatworm
How do I get it to work in FF? I checked the options, and it appears to be turned on, but it isn't actually doing anything...
installed the dictionary addon?
https://addons.mozilla.org/en-US/firefox/browse/type:3
shanky887614 2nd June 2010, 19:14 Quote
Quote:
Originally Posted by TomH
Quote:
Originally Posted by shanky887614
a hips is a firewall and it alerts you when an exe tries to edit the registry and other items

please do your research before you post and dont be a grammer nazi

(here is link search for hips on page)
http://en.wikipedia.org/wiki/Intrusion_prevention_system#Host-based
And because one company calls a duck a goose, you're going to believe that?

Furthermore, IPS/IDS or bog-standard layer 3/4 firewall, the definition still doesn't fit the bill of a local application modifying your local registry. I've done plenty of research. ;)

<pedant>Grammar nazi, I am also not. I'm a spelling nazi when required. And your posts were abusing the amount of brain power required to interpret them.</pendant>

If you weren't too busy being an opinionated oik, you'd have realised that I made a polite suggestion rather than attacking you personally.
Quote:
Originally Posted by theflatworm
How do I get it to work in FF? I checked the options, and it appears to be turned on, but it isn't actually doing anything...
I'm not sure - perhaps you need to restart FF to get it working? I'm almost 100% sure that it's an Ubuntu default to have it on, as I can't remember having to actually switch it on. Perhaps change the dictionary from en-US to en-GB, but not enable it altogether.

If it wasn't obvious, I should point out that it only works for text input boxes (or other form input fields) like the one I'm using to write this reply 'ere. :D

look into comodo it stops items modifying registry do you want me to upload a pic

forgods sake dont some of you people believe anything
TomH 2nd June 2010, 19:34 Quote
Quote:
Originally Posted by shanky887614
look into comodo it stops items modifying registry do you want me to upload a pic

forgods sake dont some of you people believe anything
I don't believe marketing over my own learned knowledge, if that's what you're asking?
shanky887614 2nd June 2010, 20:45 Quote
Quote:
Originally Posted by TomH
I don't believe marketing over my own learned knowledge, if that's what you're asking?

i use the aplication i think i know what im talking about
and quit spekulating what it can or cannot when you havent even used or seen it in action yourself.
at the moment you are just caught up in your own little buble and you will someday have to comeback down to earth
Cerberus90 2nd June 2010, 22:00 Quote
Quote:
Originally Posted by TomH
Quote:
Originally Posted by shanky887614
look into comodo it stops items modifying registry do you want me to upload a pic

forgods sake dont some of you people believe anything
I don't believe marketing over my own learned knowledge, if that's what you're asking?

It does actually come up asking for permission for pretty much everything.

Infact, thats one of the reasons I stopped using it, that and an update a while ago bricked the PC. One of the comodo files started using 100% CPU as soon as the PC started. They did fix this problem, but I'd already uninstalled it and just moved to the Win7 Firewall.
Matticus 2nd June 2010, 23:03 Quote
Quote:
Originally Posted by shanky887614
snippage

I know what you are trying to say, but a STANDARD firewall monitors network traffic and stops connections, an active anti virus stops exe's from running and registry entries from being edited. What you said about anti virus applications only scanning for items in their database is wrong, most modern anti virus software uses heuristics to scan for things which "look" like a virus, much the way a HIP does, as it uses pretty much the same system.

Basically what would have solved this entire argument is to specify that you were using a HIPs based firewall, which in laymens terms is basically a firewall which runs like an active anti virus as well as fulfilling its firewall duties.

I have used a few comodo products and found them far too intrusive for my liking, the default block can get very annoying. My issue was when I allowed, and whitelisted a program or connection, a few days later it would pop up asking me to allow the same connection or program.

Anyway, back to the article. It seems a sloppy move by Samsung to allow this sort of thing to happen, its a PR nightmare, if they can't even stop worms getting on their SDcards, then what's to say they didn't slip up with other areas relating to the handset.
l3v1ck 2nd June 2010, 23:16 Quote
Hello, Earth to Samsung........ Quality control................

How do these things get through? By the sound of it this wasn't a one off but something that affected many many phones.
shanky887614 3rd June 2010, 11:13 Quote
Quote:
Originally Posted by Matticus
Quote:
Originally Posted by shanky887614
snippage

I know what you are trying to say, but a STANDARD firewall monitors network traffic and stops connections, an active anti virus stops exe's from running and registry entries from being edited. What you said about anti virus applications only scanning for items in their database is wrong, most modern anti virus software uses heuristics to scan for things which "look" like a virus, much the way a HIP does, as it uses pretty much the same system.

Basically what would have solved this entire argument is to specify that you were using a HIPs based firewall, which in laymens terms is basically a firewall which runs like an active anti virus as well as fulfilling its firewall duties.

I have used a few comodo products and found them far too intrusive for my liking, the default block can get very annoying. My issue was when I allowed, and whitelisted a program or connection, a few days later it would pop up asking me to allow the same connection or program.

Anyway, back to the article. It seems a sloppy move by Samsung to allow this sort of thing to happen, its a PR nightmare, if they can't even stop worms getting on their SDcards, then what's to say they didn't slip up with other areas relating to the handset.

well technically i havent installed the antivrirus part of it on my main pc (ive tested it in a virtualmachine and it works well" but id rather use malwarebytes
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums