TomTom Steers Some Users Straight to Virus
A small number of drivers who use the TomTom satellite navigation system Go 910 may be in danger of infecting their computers with viruses that came preloaded with their devices, according to the manufacturer. TomTom is playing down the threat level, insisting that the viruses can be easily removed, but security experts at Kaspersky Lab have cast doubt on that assessment.
Jan 30, 2007 11:55 AM PT
Some TomTom satellite navigation systems installed in cars might actually be steering drivers in the wrong direction -- at least when it comes to navigating their PCs.
That is because a "small number" of TomTom Go 910 satellite navigation devices were shipped last year with two Windows viruses preinstalled, the company has disclosed.
The infected systems were all manufactured during a one-week period around October 2006, TomTom says in a statement posted on its Web site. The affected systems are running version number 6.51 of the TomTom software.
The Amsterdam-based company has not disclosed how the malware made its way into the products, but it is cautioning users that infected versions of the Go 910 will try to copy the malicious software to a PC when connected.
"It has come to our attention that a small, isolated number of TomTom Go 910s, produced between September and November 2006, may be infected with a virus. Appropriate actions have been taken to make sure this is prevented from happening again in the future," the company says.
TomTom has not confirmed the exact type of viruses present in the copy.exe and host.exe files, but does highly recommend that all TomTom Go 910 users update their antivirus software and, if a virus should be detected, allow the antivirus software to remove the host.exe
The viruses "present an extremely low risk to customers' computers or the TomTom Go 910," the company maintains. "To date, no cases of problems caused by the viruses are known."
However, Moscow-based Kaspersky Lab disagrees with TomTom's assessment, claiming the virus is a potential "high risk" to infected PCs, and is actually a Trojan dropper dubbed "Small.apl." Although the dropper itself is relatively harmless, it opens up a back door where hackers can install more malicious code.
"Even though it is a back door with limited functionality, its very presence changes the situation," Roel Schouwenberg, a senior research engineer with Kaspersky, told LinuxInsider.
Because the TomTom Go 910 runs on a Linux operating system, the gadget itself is not affected by the malware. The problem arises when users connect the hardware to a PC to back up its data, and the virus then tries to infect the computer, according to the company.
Both the host.exe and copy.exe files can easily be removed from the device with antivirus software, says TomTom. It advises users without antivirus protection to download free software from Kaspersky or Symantec.
The Go 910 problems have been apparent for some time, according to Graham Cluley, senior technology consultant at antivirus vendor Sophos.
"There are a number of postings on the Internet from TomTom purchasers asking for advice about the viruses, going back as far as September 2006," Cluley notes in a statement on the Sophos Web site. "But they are the lucky ones who were running an antivirus product and caught the infection before it could cause too much harm. What's more worrying is how many innocent consumers may be out there who don't know they might have passed an infection onto their Windows PCs."