TomTom 910 - bundled software infected with malware

More specifically, the TomTom software being distributed with the 910 was infected with the win32.Perlovga.A Trojan and TR/Drop.Small.qp - an excellent write-up (and, I think, the article that originally broke the news) is available here:
http://www.daniweb.com/blogs/entry1276.html

TomTom's statement about the situation is here; it notes that the satnavs were produced between September and November last year:
http://www.tomtom.com/news/category.php?ID=2&NID=349&Language=1

Regarding TomTom's statement that the viruses are "low risk", I say B*LLS*T. There is no such thing as a trojan that is not dangerous. If that trojan is used to morph your system into a spambot, that is dangerous - if it is used to host somebody's p0rn or warez collection, that is dangerous. If your infected system is added to a botnet for DDoS attacks, that is dangerous.

Nobody has any way of knowing what the end result of infection by that trojan is going to be, and how the bad guys are going to use the access granted by said trojan, and therein lies the real danger. It is all well and good to tell victims to delete the two affected files that TomTom installed (copy.exe and host.exe), but what about the crud that is installed on a system *by* that trojan? Hands-on experience has shown me that the crud that is downloaded and installed by such trojans after infection can be extremely difficult to detect and remove.

Detection of Perlovga has been available since July 2006 - two months before TomTom started distributing the trojan, so where was their antivirus protection? How did this trojan get into their production environment? Just as happened with Apple, who distributed a mystery number of iPods infected with the RavMonE virus, we are seeing the end result of a basic breakdown in quality control and antivirus protection. It simply isn't good enough to distribute between September and November malware that has been detectable since July.

Well, at least they didn't try to blame Windows, unlike Apple:
http://msmvps.com/blogs/spywaresucks/archive/2006/10/18/184326.aspx

Published Wed, Jan 31 2007 4:43 by sandi
Comments

# re: TomTom 910 - bundled software infected with malware

Tuesday, March 13, 2007 2:11 PM by Brian

I purchased the TomTom 910 and the Trojan was recognized. Has there been a new update and release that will kill the trojan?