La plus grande peur des constructeurs. Avoir une infection invisible au sein même des périphériques construits en usine. C'est ce que subit actuellement Dell, qui fournit des carte mère dont la mémoire flash est infectée d'un ver. Vous imaginez? Acheter un matériel neuf, vierge, prêt à l'emploi, déjà infecté?
Dell is warning that some motherboards shipped as replacement parts carry a W32 spybot worm in the flash memory.
The sketchy reports that emerged on July 21, as well as conflicting statements from Dell representatives on a support forum, led some to fear that the worm was actually part of the system's firmware. Further clarification from Dell, however, dispelled that worry.
Still, components sent by a generally well-trusted computer maker were pre-infected with malicious code, which inspires security fears. The threat is one that many legislators and federal policymakers have worried about for years: spyware embedded in systems as they ship from the manufacturer.
"Buy American" rules can be difficult to implement for information technology because the components in a single computer may be individually manufactured in many different countries. But as the government becomes increasingly dependent on technology, worries grow that enemies could fairly easily penetrate our defenses with a few lines of code written into a microchip embedded in a motherboard at the factory.
"The United States Embassy in Moscow was bugged during its construction in the 1970s by Soviet agents posing as laborers," wrote blogger Kevin Marquette in a comment at newscientist.com. "When discovered in the early 1980s, it was found that even the concrete columns were so riddled with bugs that the building eventually had to be torn down and replaced with a new one.
"If they will bug the bricks in our walls, I would expect them to do the same to our computers."
The Defense Department in 2007 fielded a "tiger team" to test software developed overseas,
In this case, Dell maintains that only a small number of customers potentially received the infected components, which are for any of four models in the PowerEdge server line. The company is replacing the motherboards and ensuring that no other infected ones are shipped, according to reports.
Src here!
