Welcome to the SecAware blog

I spy with my beady eye ...

8 Mar 2011

Insider virus hits Whac-A-Mole

A long-term contract programmer working for the company that produces the Whac-A-Mole arcade game is accused of planting viruses in the code, perhaps as revenge against plans to end his contract, perhaps as a cunning plan to steal his client's business.

Reading between the lines, it seems likely that the programmer was in a position of trust, established over the past 30 years. If the company had any controls against viruses being included in its code, they evidently failed to detect the infection and/or notify management - perhaps the programmer could disable or bypass the controls? More likely they had no such controls at all. Inspecting source code for malware is neither a trivial nor a cheap exercise, although this control has several potential benefits aside from malware detection, e.g. identification of redundant code, potential buffer overflows, undefined variables, bugs and design flaws, and general code quality improvement.

The financial impacts on the company in this case appear to be of the order of $100,000.  If the incident had affected the average financial, government or military institution, the impact could have been disastrous.

Gary (Gary@isect.com)
