January 29, 2007 8:28 AM PST
TomTom shipped viruses on its navigation devices
According to the company, a "small number" of TomTom GO 910 satellite navigation devices were shipped last year with malicious software preinstalled.
"It has come to our attention that a small, isolated number of TomTom GO 910s, produced between September and November 2006, may be infected with a virus. Appropriate actions have been taken to make sure this is prevented from happening again in the future," said TomTom in a statement.
According to tech journalist Davey Winder, who blogged about the problem, the GO 910 units were running version 6.51 of TomTom's software. Winder found that the two pieces of malicious software are win32.Perlovga.A Trojan and TR/Drop.Small.qp, and are resident on the satellite-navigation hard drive within the copy.exe and host.exe files.
Winder reported that when a user complained to TomTom about the security breach, he was told that the problem was not serious and was advised to remove the Trojans with antivirus software.
TomTom had not confirmed exactly what viruses were present in the copy.exe and host.exe files at the time of writing, but did highly recommend that all TomTom GO 910 customers update their antivirus software and, if a virus is detected, allow the antivirus software to remove the host.exe and copy.exe files, and any other variants.
Antivirus vendors were unable to confirm exactly what the viruses do at the time of writing, but TomTom said in a statement that they "present an extremely low risk to customers' computers or the TomTom GO 910."
"To date, no cases of problems caused by the viruses are known," claimed TomTom.
The TomTom devices run on Linux, while the two viruses are Windows-based. Users will be aware that their navigation device is infected if, for example, they attempt to back up their content by connecting the device to a PC running antivirus software.
TomTom claims that both the host.exe and copy.exe files can safely be removed from the device with antivirus software. The company has warned that the files should not be removed manually, because they are not part of the standard installed software on a TomTom GO 910. They present no danger while driving with the TomTom GO 910, the company claimed.
TomTom was unable to tell ZDNet UK how the devices became infected. Graham Cluley, senior technology consultant at antivirus vendor Sophos, said the devices could have become infected during the quality assurance process.
As only a small number of devices are known to have been infected, Cluley said devices chosen for quality control could have been plugged into an infected PC within the organization during a quality assurance test.
"It's not likely they were deliberately infected, because of the small number of devices affected," said Cluley.
TomTom has posted a statement regarding the affected devices on its Web site.
Tom Espiner of ZDNet UK reported from London.
5 commentsJoin the conversation! Add your comment