Re: Spyware infection prompts McDonalds MP3 recall

[Ron <iago () valhallalegends com>]

Does anybody know if it was possible to use "autorun" on the key to
infect the systems, or would the user have to have opened the key and
double-clicked on the malware?

> From a cursory check on Google, it seemed to me that USB devices won't
autorun on Windows, but I'm not convinced that it can't happen.

Ron

rms () bsf-llc com wrote:
> http://www.theregister.com/2006/10/16/mcd_spyware_mp3_recall/
>
>
>     Spyware infection prompts McDonalds MP3 recall
>
>
>       Bitter aftertaste to Coke promo
>
> By John Leyden
> <http://forms.theregister.co.uk/mail_author/?story_url=/2006/10/16/mcd_spyware_mp3_recall/>
> ? More by this author <http://search.theregister.com/?author=John%20Leyden>
> Published Monday 16th October 2006 10:40 GMT
> Find your perfect job - click here for thousands of tech vacancies.
> <http://ad.doubleclick.net/clk;39093442;13533154;c?http://www.jobsite.co.uk/>
>
>
> McDonalds Japan has launched a recall after discovering that MP3 players
> it offered as a prize were loaded with a particularly nasty strain of
> malware. Up to 10,000 people might have been exposed to the problem
> after claiming a Flash MP3 player pre-loaded with ten tunes and a
> variant of the QQpass spyware Trojan
> <http://www.symantec.com/security_response/writeup.jsp?docid=2003-031213-1641-99>.
>
> Punters received the contaminated gift after purchasing a large drink
> form the fast-food chain in Japan and submitting a serial number
> contained on the beverage holder as part of a competition, sponsored by
> McDonalds and Coca-cola. Users who connected the McDonalds-branded MP3
> player to their Windows PC were exposed to spyware code programmed to
> transmit their web passwords and other sensitive information to hackers.
> The cause of the accidental infection is unclear but past experience
> suggests a contaminated machine involved in loading content onto the
> players is the likely culprit.
>
> McDonalds Japan has apologized for the cock-up and established a
> helpline designed to handle the recall of the infected MP3 players and
> send out uncontaminated music gizmos. A Japanese-language statement
> <http://www.mcd-holdings.co.jp/news/2006/release-061013.html>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.