With a little more digging, Schouwenberg found multiple Windows system restore points, typically an indication that the machine had been updated with new drivers or software had been installed before it left the factory. One of the restore points, stamped with a February date, included the malware, indicating that it had been put on the machine before then. And the malware itself hinted how the netbook had been infected.
"In February, the manufacturer was busy installing some drivers for an Intel product in the netbook," said Schouwenberg, citing the restore point. Among the three pieces of malware was a variant of the AutoRun worm, which spreads via infected USB flash drives.
"The USB stick they used to install the drivers onto the machine was infected, and [it] then infected the machine," said Schouwenberg. Installed along with the worm was a rootkit and a password stealer that harvests log-in credentials for online games such as World of Warcraft.
keyboard shortcuts: V vote up article J next comment K previous comment