We recently noticed that one of India’s biggest telecom service providers is currently serving up an infected version of a modem application on its website. This application is infected with a notorious file infector named “Sality”. While this is not the first time that a big player in the software market has served up an infected version of an application, it simply goes on to prove that good software quality assurance is still not taken up seriously.
Quality assurance as a function in any organization should not only ensure that the code written is bug free, but is also virus free. Implementing simple security protocol during different stages of a software release cycle would go a long way in ensuring that virus free software are provided to potential users.
The build environment used to compile the source code, for example, should be secure and could be isolated. There have been known cases where malware such as “Induc” infects the source code, which in turn produces infected executables. This drives home the point that even an isolated environment still needs an Anti-Virus solution installed. Once the executable is compiled, it is imperative that it is checked for any malware infections before release.
Additionally, the hosting environment used to serve the file to the customers should especially have beefed up security practices in place. Submitting the file served by the telecom service provider to Virustotal shows that the file is detected by almost all Anti-Virus vendors. This could imply that either the server hosting the file doesn’t have any Anti-Virus solution installed, or if one is, the product could have been compromised.
Organisations which take their reputation seriously cannot afford to tarnish it by getting their customers infected, even if it were unintentional. Several attempts were made by K7TCL to contact the organization in question, but it fell on deaf ears. The malicious file is still being served in their website.
Lokesh Kumar
K7 TCL
