For reasons unknown, vendors occasionally fail to maintain quality control over the media they ship. Whether it is CD-ROM, DVD, USB or some other form of media, it may contain viruses, trojans or even drug-runner music. When this happens, the software you receive obviously can't be trusted in any fashion, and installing software from already compromised media immediately puts your system's integrity in question.
This page serves to keep a record of such incidents and remind vendors that shipping "pre-0wned" software is deplorable. This list is designed to capture consumer related exposures, specifically malware or other items of interest. This list will not include incidents of vendors shipping vulnerable software as that list would be extensive. In addition, it will not track malware attacks against specific targets, such as the "Farewell Dossier". For an interesting historical perspective of such incidents until 1996, consult McDonald's list. Some of these incidents are integrated into the CPO list depending on the information available.
When | Who Shipped | What Media | With What |
2023-01-11 | Amazon | T95 Android TV Box | AllWinner T616 Malware |
2018-03-15 | 7 Vendors | Android Phones | Smartphones manufactured by Honor, Huawei, Xiaomi, OPPO, Vivo, Samsung and GIONEE were infected with RottenSys malware |
2017-12-08 | Hewlett-Packard (HP) | HP Laptops | 460 HP laptop models contained a keylogger. The vendor of the software disputes this. |
2017-11-07 | Unspecified | Mantistek GK2 Keyboard | 'Cloud Driver' software infected with unspecified malware |
2017-05-11 | Hewlett-Packard (HP) | HP Laptops | HP audio driver contains keylogger |
2017-05-05 | IBM | Storwize Products Driver Update | Unspecified malware |
2017-03-13 | Two Unnamed Vendors | Android Phones or Tablets | Slocker mobile ransomware and Loki adware |
2016-04-11 | Amazon | Surveillance Cameras | Urban Security Group's (USG) Sony Chip HD 6 Camera 1080P PoE IP CCTV surveillance camera kit, sold on Amazon was found to contain malware that redirects users to a site that distributes further malware. |
2015-11-17 | Amazon | Tablets | According to Cheetah Mobile Security Lab, Amazon has been selling tablets from SoftWinners, RockChip, WorryFree, and other brands that come with 'Cloudsota', a trojan that allows remote access. |
2015-11-15 | Martel Electronics | Police Body Cameras | US-based iPower Technologies has discovered that body cameras sold by Martel Electronics come pre-infected with the Conficker worm (Win32/Conficker.B!inf) |
2014-03-05 | Multiple Vendors | Android Phones and Tablets | Fake Netflix app malware found on hardware from Samsung, Motorola, Asus, Google/LG (Nexus) and others. The devices are said to have come from a re-distributor and were not factory new. |
2012-09-13 | Unspecified Supplier(s) in China | PC Laptops and Desktops | Nitol botnet |
2012-06-29 | Cisco | Cisco and Linksys Routers | Forced Update with Cloud Connect service that tracked complete Internet history. Cisco backtracked and made it opt-in |
2012-04-10 | Hewlett-Packard (HP) | HP ProCurve 5400 zl Switch, Compact Flash Card | Unspecified Virus |
2011-08-03 | Cisco | Information Packet and Warranty CDs | Unspecified Links to Third-Party Malware Repositories |
2011-07-29 | Aldi / Tevion | Fission External 4-in-1 Hard Drive | Conficker |
2011-04-11 | Amazon | Community EC2 Amazon Machine Images | AMI Author's SSH Key pre-authorized |
2010-07-21 | Dell | PowerEdge R410 Rack Server | Unspecified Malware |
2010-06-08 | Olympus Japan | Olympus Stylus Tough camera | Unspecified "autorun worm" |
2010-06-01 | Samsung | Samsung S8500 Wave bada phone shipping with infected microSD card (German market only) | Win32/Heur, Worm.Win32.AutoRun.bhiq |
2010-05-21 | IBM | USB Drive Distributed at AusCERT | Unspecified Malware |
2010-03-08 | Vodafone | HTC Magic (distributed by Vodafone) | Mariposa bot |
2010-03-08 | Energizer | Energizer DUO USB Charger | Trojan.Arugizer |
2009-09-21 | Razer | Device Drivers | WORM.ASPXOR.AB |
2009-06-15 | Elisa ISP | Huawei Nettitikku E160 Router | Conficker |
2009-05-18 | M&A | Companion Touch netbook | Worm.Win32.AutoRun.aayn, Rootkit.Win32.Agent.hwq and Packed.Win32.Krap.g |
2009-01-02 | Element | 9-Inch Digital Photo Frame | Unknown |
2008-12-29 | Samsung | SPF-85H 8-Inch Digital Photo Frame | Sality Worm |
2008-12-28 | Mercury | Mercury 1.5" Digital Photo Frame | DPFMate.exe and FEnCodeUnicode.dll |
2008-10-27 | Teq AV | Wireless AV System USB Key | Multiple (W32.Perlovga family) |
2008-10-15 | Unspecified | Credit Card Terminal | Physical bug to steal credit card information |
2008-10-09 | Cisco | VPN Client CD | Mexican Narco Corridos MP3s |
2008-10-08 | ASUS | Eee Box's 80GB Hard Drive | W32/Taterf worm - aka W32.Gammima.AG (recycled.exe) |
2008-08-19 | ASUS | Laptop Recovery DVD | Cracking software, confidential documents, proprietary source code, employee CVs |
2008-05-06 | Telstra | USB Drive Distributed at AusCERT | Unspecified Malware |
2008-05-06 | Mozilla | Firefox Vietnamese Language Pack | W32/Xorer.O.worm |
2008-04-09 | Hewlett-Packard Proliant Computers | 256K / 1GB USB Drives | W32.Fakerecy and W32.SillyFDC |
2008-01-23 | Insignia (sold via Best Buy) | 10.4" NS-DPF10A Digital Photo Frame | W32/Mocmex.AM |
2008-01-04 | Unspecified | Victory LT-200 MP3 Player | Worm.Win32.Fujack.aa |
2007-12-25 | ADS (sold via Sam's Club) | 8" Digital Photo Frame | Win/32Mocmex.AM |
2007-12-13 | Unknown Nepalese Vendor | Kingston CF Memory Card | Worm.VBS.Small |
2007-11-12 | Seagate | Seagate Maxtor Basics Personal Storage 3200 | Virus.Win32.AutoRun.ah |
2007-09-15 | Medion Laptops (via Aldi) | Laptop | Stoned.Angelina Virus |
2007-01-29 | TomTom | TomTom GO 910 Satnav Unit | win32.Perlovga.A Trojan and TR/Drop.Small.qp |
2006-10-18 | Apple | 30GB Apple Video iPod | RavMonE.exe Virus |
2006-10-16 | McDonald's Japan | MP3 Player | QQPass Password-stealing Trojan |
2006-06-02 | Hewlett-Packard (HP) | Printer Driver | Funlove Virus |
2006-02-15 | Unknown | "Mr. & Mrs. Smith" German Release DVD | Unspecified Rootkit |
2005-11-25 | I-O Data Device | HDP-U Series Hard Drive | Tompai-A Worm |
2005-11-11 | Sony BMG | XCP Software | Rootkit |
2005-09-01 | Creative | 5GB Zen Neeon MP3 Player | Wullik.B Virus |
2004-06-23 | Capitol Records | Beastie Boys CD "To the Five Boroughs" | Unspecified Virus |
2003-05-15 | Wal-Mart | Promo CD | Custom Spyware |
2002-06-21 | Microsoft | Korean version of Visual Studio .NET | Nimda Virus |
2001-12-03 | Kool Kizz | Atelier Marie (Japanese-language version) | W32/Kriz Virus |
2001-11-30 | Sega Dreamcast | Atelier Marie (Japanese Language Version) | Kriz Virus |
2000-12-17 | Hewlett-Packard (HP) | Printer Drivers | Funlove Virus |
1999-07-15 | Cult of the Dead Cow (cDc Communications) | Back Orifice 2000 CD-ROM | Win95.CIH Virus |
1999-05-10 | IBM | Aptiva Computer | CIH Virus |
1998-10-?? | Unknown | SiN (Demo Version) | CIH Virus |
1998-09-?? | Yamaha | CD-R400 Drive Firmware Update | CIH Virus |
1998-08-12 | MGM/EA | Wargames CD-ROM | Win95/Marburg virus |
1998-05-01 | ID Software | Quake and Quake 2 Server | Backdoor Command (rcon) |
1997-07-08 | Vellum 3D | Version 3.0 CD-ROM | MBDF A/B virus |
1997-??-?? | Unspecified Hungarian Computer Magazine | CDROM | Sopron.937 Virus |
1996-09-?? | HQ FORSCOM | Unspecified Internet Distributed Files | WinWord.Concept |
1996-05-?? | MacUser, UK Edition | One Director Movie CD-ROM | |
1996-05-?? | Industrial Computer Source (ICS) | Windows 95 Driver Disks for ROCKETPORTXX | AntiCos-A |
1996-04-13 | FIT | IZL Developer's Package 3.5" Floppy | NYB (New York Blues) Virus |
1996-03-?? | Alpine Media | Microsoft Developer Server Disk | B1 |
1996-02-?? | OSD C3I | 40th ARMA Conference Disk | Ripper |
1996-02-?? | Microsoft Slovenia | Press Release 30. 1. 1996 Disk | WordMacro/Concept |
1996-01-?? | Microsoft | The Microsoft Office 95 and Windows 95 Business Guide CD-ROM | WinWord.Concept |
1996-01-?? | Powersoft Multimedia U.S.A. | 101 Card Games CD-ROM | Taipan.666 |
1996-01-?? | Ziff-Davis UK Ltd. | Electronic Christmas Card Disk | Parity_Boot.B |
1996-??-?? | IBM Germany | VoiceType Vokabular Diskettes | Newboot_1 |
1995-10-?? | PC Magazine | Editor's Day Disk | SAMPO |
1995-09-?? | DEC | ECUS Disk | WinWord/Concept Virus |
1995-08-?? | Microsoft | Windows 95 Software Compatability Test | WinWord/Concept Virus |
1995-08-?? | Ford Motor Co. | Public Relations Disk | Monkey |
1995-07-?? | Merriam-Webster | Collegiate Dictionary and Thesaurus | AntiExe |
1995-06-?? | America Online | Distribution Disks | Bupt |
1995-05-?? | Home Grown Productions Ltd. | The Gates of the Underworld CD-ROM | Tai-pan & Goldbug |
1995-04-01 | Unspecified European automobile manufacturer | Product Line Information Media | Unspecified Virus |
1995-03-?? | ARTEC/Genius | Mouse Drivers | Anti-tel |
1995-02-?? | MITSUMI | Model ECM-S31 Mouse Driver Software | Form |
1995-02-?? | Microsoft | 1,000 Unspecified Disks | Form |
1995-02-?? | European Commission Office | 1,000 Unspecified Disks | Gallicia |
1994-11-?? | Sandia Research Associates Inc. | 2.0 GPSLOG Demo Version | AntiCmos |
1994-06-11 | ZiffNet PBS Forum | Nine Unspecified Files | Chill |
1994-10-?? | Apple | Macintosh System 7.5 Sample Upgrade Kit (HDSC Setup and Disk First Aid Applications) | MBDF |
1994-06-?? | Mediaplex | Die DFUe-CDROM | Crusader |
1994-05-05 | American Vacuum Society (AVS) | Journal of Vacuum Science & Technology A&B (Second Series Volume 12, 1994) CD-ROM | nVir A |
1993-12-?? | Oliver Marketing Inc. | Unspecified Demo Disks | Jerusalem / Stoned |
1993-10-?? | University of Michigan Computer Kickoff Sale | Standard Distribution Disks | nVIR |
1993-07-?? | CIX Online Service | SPORT21C.ZIP | Butterfly |
1993-06-?? | Telemate | TM411-4.ZIP | Stoned |
1993-04-?? | Hoskyns | Project Manager Workbench UK | Form |
1993-01-?? | DCA | Unspecified Printer Driver Disks | NoInt |
1993-01-?? | FUJITSU Germany | Unspecified Printer Disks | V-Sign |
1992-11-?? | Star | LC24 Print Driver Disk | Vacsina Loader |
1992-10-?? | CACI, INC-FEDERAL | Update Disk #48 FAR-TRIEVE | Michelangelo |
1992-08-?? | International Data Systems | Preloaded Model IDS 4331 486 PC | Stoned Virus / Michelangelo Virus |
1992-08-?? | Wilson Hill Associates | Standard Army Hazardous Materials Tracking System Disk | Form Virus |
1992-07-01 | American Computer Resources, VA | Seiko PS-X Printer Driver Software | CDEF |
1992-07-?? | Phoenix Data Systems | Diagnostics Disk for Ethernet Board | Michelangelo Virus |
1992-05-?? | DacEasy Inc. | Instant Accounting Package | Stoned |
1992-05-?? | Golden/Diamond International/System | Cactus OCR Disk | Fish Boot |
1992-03-?? | Novell | Netware Support Encyclopedia (NSE) Standard Edition | NoInt |
1992-03-?? | Lotus Development Corp. | CD/Networker LAN Version | Michelangelo Virus |
1992-03-?? | Pionex | Preloaded 386 Pro System | Michelangelo Virus |
1992-03-?? | Chicony Corp | Keyboard Tracking Ball Software Disk | Michelangelo Virus |
1992-03-?? | Neural Networks & Fuzzy Systems | Unspecified Book w/ Disk | Michelangelo Virus |
1992-03-?? | Symbol Technologies | Preloaded PC | Michelangelo |
1992-03-?? | IntelCorp | LANSpool 3.01 Disk | Michelangelo |
1992-02-?? | Sony | Laser Library Distribution Disk | Dark Avenger |
1992-02-?? | WIN Laboratory | Preloaded PC | Stoned |
1992-02-?? | Meridian Data Inc. | Extension Software | Michelangelo |
1992-02-?? | Da Vinci Systems | E-Mail 2.0 Demo Disk | Michelangelo |
1992-01-28 | Leading Edge Products Inc. | PC | Michelangelo Virus |
1992-01-?? | PC Fun Magazine | Disk | Stoned |
1992-01-?? | Trident VGA Co. | Easy Data Model 386 Systems | Michelangelo |
1991-12-?? | Information Management Consultants | AUVA 350/25 PC Systems | Michelangelo |
1991-12-?? | Konami Inc. | Spacewrecked Game Disk | Stoned |
1991-12-?? | Novell | Network Encyclopedia Disk | Stoned-3 |
1991-11-11 | Virtual Reality Lab | Distant Suns Disk | Michelangelo |
1991-11-?? | Zinc Software | C++ Library Disk | Form |
1991-11-?? | NTIS Software Distribution | Unspecified | Stoned |
1991-11-?? | Software Perspectives | Demo Disk | Stoned |
1991-10-?? | Z-Soft | PC Paintbrush Update Disk | Michelangelo |
1991-10-?? | Publishing International | PUMPKIN PATCH Screen Saver | Jerusalem |
1991-09-?? | Cypress Semi-Conductor | MAXPROG, version 2.72C | Stoned |
1991-09-01 | Sun Microsystems | PCNFS 3.5b | Jerusalem |
1991-08-?? | European Patent Office | Bulletin Disk | Stoned |
1991-07-?? | Oracle | Oracle Windows' DDE/Toolbox Demo Disk | Stoned |
1991-02-?? | Praxis Software Engineers | Rodime PLUS/RX | WDEF A |
1990-12-?? | LAN Source Technologies Distributing | Modem Protocall One Modem Evaluation | Stoned |
1990-11-?? | Shimadzu | Photo-detection Detec-tor SPD-M6A Version 2.14 | Vienna |
1990-11-?? | PC Benelux World | Unspecified | Cascade 1704 |
1990-10-?? | DOS-TREND Magazine | Unspecified | Stoned II |
1990-10-?? | Modular Circuit Technology | Utility Disk | Stoned |
1990-07-?? | PC Today Magazine | Unspecified | Disk-killer |
1990-05-?? | Softdisk Publishing | Diskworld Diskette | WDEF |
1990-04-?? | Far Side Moon Artdink Inc. | PC | Nambal / Nambal II |
1990-04-?? | Institute for Scientific Information | CC-on-Diskette | WDEF A |
1990-01-?? | MacPublishing | Font Disk | WDEF |
199?-??-?? | Three Unspecified European PC Gaming Magazines | Cover CD-ROM | CIH Virus |
199?-??-?? | Origin Systems | Wing Commander (Download) | CIH Virus |
1988-10-01 | Quantum Leap Technologies, Inc. | QLTech MEGA-ROM | nVir Virus |
This list is not complete, yet it should make you realize that nothing is safe. Every piece of electronics you buy and every piece of software you install may come with malware pre-installed. Rather than manufacturers introducing a higher set of quality controls to prevent such incidents, we will no doubt see companies produce new products that will help keep you "safe" from such threats. These "controls" would doubtless be another band-aid on top of band-aids that make up a lucrative market, which is a sad commentary about how customers perceive and receive "electronic security".
Copyright 2008-2011 by Attrition.org. Permission is granted to quote, reprint or redistribute provided the text is not altered, and appropriate credit is given. Term "certified pre-owned" courtesy of Dan Geer.