We'd love to give you more information on the specifics of what this does, but parts of the Computer Associates site have been hammered into near oblivion in the last 24 hours as word is starting to get around. Thanks to Engadget and others, we do know that at present it only affects Windows systems (so you Mac and Linux users are safe), that it comes in a fairly large number of variants, can probably auto-update, and can install other malicious software on your system to do ... well, more or less anything the authors desire. Data is presently sent back through an anonymizing service in China.
Our colleague at WoW Insider, Amanda Dean had her account hacked on Valentine's Day. Amanda's always practiced safe, secure and hygenic computing and taken care with her account details. There's a lot of money to be had in maliciously obtaining the account credentials of others in major MMOs and Virtual Worlds.
Target got reports about frames distributed by Uniek, while Best Buy confirmed that there was problems with infected product from Insignia. It may be that the faults are not tied to any single manufacturer or brand and that the units are being infected at a distributor, shipper, warehouse or stevedore.
This also isn't the first. You may recall that late last year there were Maxtor/Seagate drives that shipped from the factory with account-stealing trojans installed.
If you think you have bought an infected device, contact the SANS Institute at email@example.com and call the store who sold it to you. If you received one, find out where it was obtained and get calling and emailing.
- Best Buy: (877) 467-4289
- Costco: (800) 955-2292
- Sam's Club: (888) 746-7726
- Target: (800) 591-3869