June 11, 2020

Russian anti-virus company Doctor Web reminds users that their equipment can be infected even during manufacturing. A recent investigation into a malware-related incidents provides an illustrative example. An entire collection of malicious programs was discovered on a recently purchased laser-cutting machine. The nefarious tasks attackers could accomplish with these programs ranged from hiding files on removable media to spreading a worm across networks. Strangely enough, the machine's manufacturer advised the client to disable the anti-virus and denied any possibility of an infection existing in the system.

How Dr. Web disarmed malware on a machine

Being relatively cheap, modern equipment is nonetheless packed with impressive features and capabilities. More often than not, machines of this kind don't rely on special firmware. Instead, they run the same operating systems that power ordinary PCs. Such as Windows and Linux

Because of this, malware can easily take up residence in the equipment—either deliberately or through negligence. Anything can happen.

While protecting PCs or servers with an anti-virus program is now a recognised necessity, the idea that some 'smart chandelier’ must also be scanned for malware is still regarded as nonsense. Meanwhile, a malware-infected machine accessing a company's local network (with no anti-virus protection whatsoever), is a dream come true for criminals planning a targeted attack.

Fortunately enough, the customer who ended up in the predicament, did have their infrastructure protected with Dr. Web Enterprise Security Suite, which promptly detected the worm. Doctor Web security researchers thoroughly investigated the incident. Their special utility discovered and neutralised an entire conglomeration of malicious programs ranging from a network worm and a trojan hiding on removable media to malware that injects its code into system processes.

While Doctor Web was trying to understand what was going on, the manufacturer's customer care assured the client no malware was involved and the anti-virus needed to be disabled. Dr. Web showed who was really right.

Hence, this recommendation: A corporate anti-virus must be up and running on computers within your infrastructure. And someone should monitor infection statistics, too. Otherwise, no one will be able to quickly notice that an infected PC or other device is using the network. Always, scan new 'smart' equipment with an anti-virus solution.

Dr.Web is certainly well suited for doing so.