
Posts with tag worm

ASUS pre-installs Japanese Eee Box PCs with worm, issues recall


Uh oh. ASUS just issued a recall for all Eee Box PCs sold in Japan due to a nasty pre-installed worm. The malicious code dubbed "recycled.exe" may attempt to download additional malware while attempting to replicate itself to attached USB storage devices at the first opportunity. Of course, this isn't the first time that ASUS has been embarrassed by its image burns. Who could forget the illegal keygen and confidential documentation shipped on those brand new laptops last month? Apparently, only ASUS, which has yet to clean house.

[Via The Inquirer]

Space Station laptops catch "nuisance" virus

While it doesn't appear to be nearly as serious as some of the computer problems the International Space Station has faced, it looks like a virus has managed to find its way onto some of the laptops used on the Station, which NASA is now describing only as a "nuisance." According to SpaceRef.com, the virus is the W32.Gammima.AG worm, which is normally used to swipe sensitive information for online games. As Wired's Threat Level reports, the worm has also spread to more than one laptop on the Space Station, which would seem to suggest that it has either been spread via an on-board intranet, or via a thumb drive. Somewhat disconcertingly, when asked by Threat Level if any mission critical systems were connected to the same network as the laptops, NASA spokesperson Kelly Humphries simply said, "I don't know and even if I did, I wouldn't be able to tell you for IT security reasons."

[Via Threat Level, thanks a.c.e.r.]

SanDisk introduces write-once WORM SD cards


SanDisk has been toying with this for eons, but it seems the pieces finally fell into place for the firm to kick out its very first write-once memory card. The cleverly titled WORM (Write Once Read Many) SD card will predictably be aimed at industries where unalterable content is vital, such as police investigations, court testimony, electronic voting, etc. According to SanDisk, there is "no physical way to alter or delete individual recorded files," but we'd wager that hackers at large would have a thing or two to say about that. Nevertheless, said units tout a 100-year archive life when kept under appropriate storage conditions, and while a 128MB iteration is the only one available now (more capacious versions are forthcoming), you'll have to "inquire" to see just how inflated the pricing is.

OS X worm saga turns it up a notch with death threats


If you can keep track of the bad TV movie / high school drama that the OS X worm saga has become, hats off to you. In the latest round of confusing doublespeak from the underbelly of the security world, a few key players are (possibly) taking turns swapping identities -- and trading death threats. In the latest installment, Jon Ramsey is Infosec Sellout, David Maynor is LMH, anonymous commenters are promising to "put a bullet in your head for this!" and a spooky legion of "black hat" hackers known as the "Phrack High Council," (or PHC) are doing their best Freemasons impersonation. Now, with the Infosec site deletions, and Dave Maynor's supposed self-outing, calls being issued for the worm to be proven in the wild are increasingly mixed with the literal cries of bloody murder -- all over what can best be described as the lamest hoax for the biggest nerds in internet history. Check out the Computerworld article for some... insight?

Update: As noted by a few commenters, David Maynor is now claiming on his blog that he isn't LMH, and that the admission "from" him had been faked. Of course, in this subterfuge-filled war of words, we'll take it with a grain of salt.

[Via Slashdot]

InfoSec Sellout disappears, worm now claimed to affect OS X 10.4.10

InfoSec Sellout, the hacker(s) behind that claimed OS X worm we mentioned yesterday, has kinda-sorta disappeared from the Internets. Sellout's blog, which classified the information security industry as a bunch of "snake oil salesmen, pimps and whores," is "now dead" according to the anonymous blogger (or bloggers) who many think is hacker LMH of January's "Month of Apple Bugs." Mysteriously, the site has reemerged under a new name boasting a link to SecurityFocus where InfoSec Sellout's vulnerability claim now includes the latest version of OS X: 10.4.10. Oddly, Sellout claims that his/her site was hacked, and the new posts are fakes. Huh? Sellout claims that the reason for the shutdown was due to the loss of hacker anonymity from "cry babies" who can't handle a little honesty. Of course, none of this makes any sense. After all, there's always Google cache. Besides, if his/her (or their) claim of developing a first, massively propagating OS X worm is true, then just like DVD Jon before, Sellout's fiscal future as an industry professional would be all but guaranteed. So what are you really hiding from, Sellout?

[Via Macworld]

Read -- InfoSec old site (via Google Cache)
Read -- InfoSec new site
Read -- InfoSec Sellout's identity?
Read -- SecurityFocus vulnerability description

New OS X vulnerability found: worm released in lab?

Look, we're fine with Apple gloating about the security of OS X in their Mac vs. PC adverts. After all, we have yet to see a large-scale worm released into the Macintosh community. However, the fact that a worm hasn't been released on a Windows-esque scale likely has less to do with Apple's superior coding than the size of their market share, i.e., OS X is a smaller target. That might soon change, however. A vulnerability has reportedly been found and, more importantly, exploited by an "independent researcher" known only as "InfoSec Sellout." Apparently, a previously undisclosed vulnerability in the OS X mDNSResponder (which Apple has patched before) allowed Sir Sellout to cobble together a worm dubbed "Rape.osx." InfoSec Sellout claims to have released the worm into a controlled environment, thereby infecting a network of about 1,500 OS X systems by nabbing root and dumping a text file as an evidentiary footprint. However, the worm's author claims that it can be broadly weaponised with a payload of choice across both PPC and Intel-class Macs with just a bit more work. InfoSec Sellout will disclose the vulnerability to Apple only after his/her "research is complete" and after an appropriate level of compensation (er, InfoSec Ransom?) is received. Dubious as that sounds, for better or worse, it's the way the game's currently played.

[Via Slashdot]
