Staying secure in this online and rapidly-moving world is no easy feat. That’s why we always recommend you keep up to date with software patches, use strong passwords, don’t install shady software and so on. But things get even trickier when the viruses, malware and digital threats come from companies you trust.
This was exactly what happened to business customers of the British telecommunications carrier O2. Unlucky users ended up installing a “Windows-specific virus”, after using a promotional USB pen provided by the telecommunications company.
In an e-mail sent to its customers, O2 warns that some of the promotional memory sticks it had been handing out to users were infected with a virus, which could allow an attacker to take hold of an infected machine, execute remote commands and spread malicious software further. O2 blamed the issue on a supplier and said that it had “notified the relevant organizations”, those presumably being the affected supplier and law enforcement agencies.
Luckily, there’s one bit of good news with this whole marketing debacle: the virus in question seems to only affect older versions of Windows, including 95, 98, Windows 2000, XP, Server 2003 and Vista. Then again, Windows NT is also, confusingly, listed – which might mean all versions of Windows are affected.
Given how willing users are to connect a found USB stick or memory card to their internet-connected machines, it’s no surprise that hackers or government agencies looking to spread malware occasionally employ the tactic of giving away infected memory sticks. It is, however, quite disappointing that a major company seems to have done the same thing, albeit unknowingly.
For those that have already used the infected USB devices, O2 says it has a dedicated support team that can guide users through the steps needed to get their machines secure once again. For the rest of us, we might do well to remember to never use strange USB keys even if they’re coming from innocent sources.
Source: The Register