[K3CAL] ALERT TO THOSE WHO HAVE PURCHASED CHEAP CHINESE H-Ts (I am one!)

Jim Tetlow k3uga at yahoo.com
Sat Mar 16 18:12:26 EDT 2013


Thanks Ron, wonder if that same Trojan came with usb adaptor cables, that
have been around for a few years? And if so I wonder if the various virus
programs we are all running can detect and remove them???

Is this letter classified or could one forward it to the help center of the
virus protection that is on one's computer? Thus far I haven't had any
detection from Norton (yes I know....) but I may want to send this along.

Thanks for the heads up.

73's, DE k3uga
Jim Tetlow
k3uga at yahoo.com



-----Original Message-----
From: k3cal-bounces at mailman.qth.net [mailto:k3cal-bounces at mailman.qth.net]
On Behalf Of Wa4prr
Sent: Saturday, March 16, 2013 4:57 PM
To: K3CAL at mailman.qth.net
Subject: [K3CAL] ALERT TO THOSE WHO HAVE PURCHASED CHEAP CHINESE H-Ts (I am
one!)

All who have or are thinking about purchasing a cheap Chinese H-T, please
read the following alert I have received on the NASA ARC mail reflector!
The radios are OK, but the programming software with it has hidden VIRUS
AND / or TROJAN HORSE programs! See below. 73,

Ron Byzet / WA4PRR - Sent from my iPad

--------------------------------------------------------------
This message traffic is of, by and for members and friends of the NASA
Goddard Amateur Radio Club (GARC) and WA3NAN.
--------------------------------------------------------------

FYI - software that comes with some Chinese products can be bad news,
excerpts from some amateur radio e-mails...73 Ron N3AEA

----------------------------------

A Colorado-based IT specialist and advisor to the military sends this
caution about a dangerous bargain in the ham radio marketplace.

The best buy these days in handheld transceivers are the ones from Hong
Kong. They are being purchased by amateurs, public service providers, and
others in government organizations. Some versions have FCC and other type
acceptance. The transceivers sell for a fraction of the price of comparable
units from the big three yet can work all the amateur and public service
frequencies from the civil aircraft band to the top of the public service
UHF band. They have many memories and features and can be programmed from a
PC. Powered by big lithium ion batteries (included) they are a steal for
$55.00. 

Or so it would seem.


I work for Digital Globe Incorporated, a government contractor; we are
working with the USG to resolve issues as they appear with regard to
computer and Internet security. The software tools we use are among the
strongest available anywhere (and as a result, the most intrusive and
painful!) So when I put the tiny driver CD that came with my [Chinese]
handheld transceiver's programming cable into a machine to scan it, I had no
idea that the disk would pull an immediate alert. The alert was so strong
that I could not go any further and determine contents, files, names of
virus, and so forth.


The CD was given to our computer security department. They will process it
and forward the results to their USG contact. This is only the second time I
have seen an alert this strong. The other time (last week actually) was
while downloading a .pdf research paper from a university researcher's site.


Lest anyone think otherwise, we are under attack. One might suspect that the
"real" object of the exercise with regard to the very low cost of the Hong
Kong HTs is the unseen present on the CDs. I'm not a conspiracy theory sort
of guy; we can talk more about this at some point.


I might suggest a neutrally worded warning to destroy any driver CDs that
come with Hong Kong HTs; the Prolific USB/RS-232 drivers are available at no
charge from US sites and the public domain open source CHIRP software is
more than adequate for programming the radios in any event.


UNCLASSIFIED

___________________

"OK. So like a fool I spent $44 plus another $8 or $9 for the programming
cable and software. The radio's OK - you get about what you pay for. Today,
I placed the software CD in my PC, and I thought that before I executed
anything I would run a virus & spyware scan. Found 2 files that were
identified as high risk Trojans:
BF-6665BF7775BF8885PROGRAMMINGSOFTWARE.rar.IBF-480.exe and
PX-V5+Voice.rar|PXV5P+___.exe

Seems like they are a variety of "Trojan.Zip.Bredozp.b(v)", which is "a
banking trojan that disables firewall, steals sensitive financial data
(credit card numbers, online banking login details), makes screen snapshots,
downloads additional components, and provides a hacker with the remote
access to the compromised system." 

Yep! I got what I paid for! 73, John"

______________________________________________________________
K3CAL mailing list
Home: http://mailman.qth.net/mailman/listinfo/k3cal
Help: http://mailman.qth.net/mmfaq.htm
Post: mailto:K3CAL at mailman.qth.net

This list hosted by: http://www.qsl.net
Please help support this email list: http://www.qsl.net/donate.html


