We've already seen a few viruses delivered via hardware, but a group of researchers from University of Illinois at Urbana-Champaign are now warning that we may not have seen anything yet. As New Scientist reports, they've apparently managed to develop their own "malicious circuits," which they say can interfere with a computer at a deeper level than a virus, and completely bypass traditional anti-virus software. To accomplish that slightly unsettling feat, the researchers created a replica of the open source Leon3 processor, and added about 1,000 malicious circuits not present in the original processor. Once they hooked that up to another computer they were apparently not only able to swipe passwords from memory, but install malware that would allow the operating system to be remotely controlled as well. Of course, they admit that sneaking such malicious circuits onto a chip isn't exactly an easy proposition, given that someone would either need to have access to a chip during its manufacturing process, or have the ability to manufacture their own. Or, as the project's lead researcher puts it, it's "not something someone would carry out on weekends."

[Via TG Daily, image courtesy Actel]

We've seen a couple viruses make their way into the manufacturing process and onto shipping products, and it looks like HP Australia and its enterprise customers are the latest victims. USB keys shipped with some HP Proliant servers are infected with the Fakerecy and SillyFDC viruses, and the company's issued an alert saying that any up-to-date virus scanner should be able to tackle the nasties. It's a pretty low-grade threat -- the key is only used to install floppy disk drivers and neither virus is particularly destructive, but all you server admins Down Under might want to check your rigs just to be sure.

[Via The Register]

Ever had an urge to really get a visual on what masterfully written predatory code would look like if allowed to grow into a 3D organism? Okay, so maybe that hasn't been on the forefront of your mind recently, but there's no denying that Alex Dragulescu's Malwarez project is quite the source of eye candy. According to its maker, the aforementioned initiative is a "series of visualization of worms, viruses, trojans and spyware code," and their "frequency, density and grouping are mapped to the inputs of an algorithm that grows a virtual 3D entity." Who knew viruses could look so dreamy?

[Thanks, Danger Mouse]

Remember back in the old days, when men were men, dogs ran free, and computers were the size of small countries? It was a time when viruses weren't malicious, rather, they delivered cherry popsicles, unicorns, and nuclear joy-beams. Well, now you can return to a simple time of laughter and love thanks to the Newton Virus and related dongle, created by the design collective Troika. Instead of gnashing your files, spamming your address book, or giving you "The Finger" repeatedly, this virus engages just once, and creates a playful desktop mishap that will undoubtedly inspire the victim to hug the nearest person. Though the virus was coded way back in 2005, it's now being shown at the MoMA's Design and the Elastic Mind exhibition. Watch it all go down, literally, in the video after the break.

[Thanks, H&M]

Ugh, we were already sick of digital photo frames -- and now it looks those now-discontinued virus-ridden Insignia units from Best Buy and several other models produced in China were carrying a much nastier trojan that we'd originally heard. According to an analyst form Computer Associates, the trojan, called Mocmex, is able to block more than 100 types of security and anti-virus software from killing it, and bypasses the Windows firewall to download files from remote locations, spreading them randomly over your hard drive and any portable storage device you plug into your PC -- like, for example, a digital photo frame. The trojan is apparently set to only steal gaming passwords at present, but CA says it's capable of stealing nearly any information on your machine, and thinks it might be a test for a much worse virus yet to come. Infected frames have come from Sam's Club, Target and Costco, in addition to Best Buy, so we'd say to avoid picking one up until this mess gets sorted out -- or, you know, forever.

As we noted a week back, Best Buy's house-brand Insignia photo frames are indeed virus-infected, but now it appears Best Buy is doing something about it. Unfortunately, info is still slim at the moment from company lips. Best Buy says it's "connecting with our customers who may have been impacted," and has pulled remaining inventory from the shelves, but there are no plans for a recall of the infected NS-DPF10A, and Best Buy won't specify what specific type of malware we're dealing with. Best Buy seems to think that anti-virus software should have no problem dealing with the old-ish trojan in the frames, and recommends customers plug the frame into a PC and run some current anti-virus software to eradicate the malware. Macs are unaffected, and Apple could be seen on the playground making smarmy remarks about the incident to anyone who'd listen.

We haven't exactly gotten a torrent of email complaints from angry Best Buy customers, but for anyone wondering why the $230 Insignia 10.4-inch photo frame got pulled from shelves last week, here's your answer: they were manufactured, like devices sometimes are, with a supposedly "old and easily removed" trojan. Funny, though, that the internal memo we got has Best Buy dragging its feet, intending to send a letter to potentially infected customers only "once a solution has been tested and confirmed." Here's a solution: recall the frames and send everyone some anti-virus software and a free appointment with the Geek Squad, instead of letting sites like ours break the news that Best Buy isn't moving fast to fix its digital security mishaps. The memo is posted after the break.

We hate to be bearers of bad news, but it looks like those of you squeaking by on a WEP-protected or unprotected wireless router have yet another reason to undertake the difficult task of selecting "WPA" on that router admin screen. A team of researchers at Indiana University have published a paper on how easily malware could spread through a densely populated area, with unprotected routers providing zero resistance, and WEP moderately more, while WPA proved generally unhackable. The spread of the malware was alarmingly similar to a biological virus, and while no such router "WiFi flu" has yet been developed by nefarious types, it's probably only a matter of time before something of its ilk takes a city by storm. In test attacks, after the initial infection phase, 10-55 percent of the routers were infected. We can do better, people. Oh, and to the guy upstairs: thanks for all the WiFi these years, those torrents will probably never be traced back to you, so don't worry.

We've already taught you to not use syringes USB flash drives that you find on the street, but we know all sorts of unwanted invaders can meander on into your hard drive when you're not looking. Enter LG's aptly-named Vaccine USB flash drive, which comes pre-loaded with anti-virus / malware protection software and provides "real-time system monitoring and hardware scans." Aside from making sure your rig doesn't catch any bugs going around, it also updates itself when plugged in to an internet-connected PC. Regrettably, we've no idea how much these things will cost (nor if Medicare will cover), but they will be offered up in sizes ranging from 512MB to 8GB.

[Via EverythingUSB, image courtesy of Pocket-Lint]

How convenient -- your shiny new Maxtor Basics Personal Storage 3200 may have come preloaded with a nasty virus right out of the box. That's right folks, you may not even need to open any suspicious emails or surf over to dodgy websites, as an undisclosed amount of drives produced by a company sub-contract manufacturer located in China were reportedly sent out with the Virus.Win32.AutoRun.ah program already loaded. Apparently, the molar virus is one that get its kicks by searching for passwords to online games (World of Warcraft included) and sending them back to a "server located in China," and as if that wasn't enough, it can also disable virus detection software and delete other molar viruses without breaking a sweat. In order to determine whether your drive is one of the lucky (or unlucky) ones, feel free to phone up Seagate with the serial number in hand, and if you haven't already updated your anti-virus software, now would probably be a splendid time to do so.

[Thanks, overseatrader]

MIT researchers have begun using bio-engineered viruses to build nanomaterials with wide-ranging applications, like thin battery fibers that may one day be woven directly into clothing. The process, which is being developed by Professor Angela Belcher and her team, has gained the interest of the US military for its potential in creating new types of sensors, solar cells, and batteries, as part of future combat gear. There's still a way to go, however -- right now all the virus-built fibers really do is glow red under ultraviolet, but Belcher is confident her "directed evolution" development technique will allow her viral construction crew to build more sophisticated fibers soon. Here's hoping -- we'd kill to recharge our devices with some stylin' battery-pants.

According to Intel, your computer-security fears will be a thing of the distant past thanks to its latest vPro technology update. Apparently, the new safe-guarding apparatus is a combination of the company's Core 2 Duo processors and the Q35 Express chipset, in addition to several "technology innovations" that the chipmaker says will fortify business-centric systems against "software-based attacks," as well as viruses and the ominously vague "other threats." New components of the technology include Intel's Trusted Execution Technology (TXT, AKA LaGrande), which isolates assigned memory and protects it from access via unauthorized software, and improved system defense filters, which can identify a larger number of threats in network traffic. "Today, the business desktop PC just got more secure," says a company spokesperson, though for our system "protection" we're sticking to NoDoz and nunchucks.

Joining the infamous Chip & PIN terminal hacks as yet another way to siphon banking details from unlucky Londoners, a group of "malware purveyors" reportedly dropped off tempting Trojan-infused USB drives in a UK parking lot in hopes that unsuspecting individuals would take the bait and subsequently hand over their banking credentials. Supposedly, Check Point regional director Nick Lowe mentioned the wile at the Infosec trade show, but couldn't elaborate due to the ongoing investigation. Another insight suggested that such chicanery was becoming "the new phishing email," but hey, where's the love for those oh-so-vulnerable ATMs? Take note, dear Brits, that the free storage you're eying on the park bench could end up costing you quite a bit in the long run.

If you've recently plunked down $599-ish for a TomTom GO 910 portable GPS device, but decided to hop onto the interwebs real quick just before you plug that sucker in (yeah, we know, the odds are low), then it looks like it's your lucky day. Apparently the Netherlands-based TomTom just admitted to a UK security journalist that the TomTom GO 910s that were produced between September and November of 2006 have been shipping with a couple Trojans -- similar to Apple's little RavMonE.exe debacle last year. But not to worry: "The viruses that were detected present an extremely low risk to customers' computers," according to TomTom. Of course, relaying to the public such helpful information that TomTom was obviously aware of would be clearly out of the question, but it's nice to know that while manufacturing oversights caused a couple of Trojans to be introduced to unsuspecting PC users by spendy GPS hardware, they at least aren't the nasty kind. TomTom claims the problem has been corrected, and that "Appropriate actions have been taken to make sure this is prevented from happening again in the future." They also have some instructions at the read link for removing the viruses (win32.Perlovga.A Trojan and TR/Drop.Small.qp), which mostly amount to advising you to update your virus software.

[Via Slashdot]