Popular navigation aid TomTom has admitted that a batch of its latest devices have shipped with a virus already installed on them.
The infected GO 910 devices were all manufactured in a one-week period around October 2006, the company said, and the affected systems are running version number 6.51 of the TomTom software.
It refused to say how it was that malware had been installed on its products, but warned that infected versions of the GO will try to copy the malicious software to a PC, when connected. News of the infection was first reported on Sunday. TomTom rated the malware as "low risk" and said that it is detected by many anti-virus products. A "small, isolated number" of systems are affected, the company claimed.
Infected GO 910s include Trojan horse and virus software that has been blocked by anti-virus vendors since June 2006, said Roel Schouwenberg, a senior research engineer with Kaspersky Lab.
One of the files, called Backdoor.Win32.Small.lo, uses the Windows AutoRun feature to try and make Windows run the other malicious software on the device, once it's been connected to the PC, he said.
TomTom isn't the first company to make this kind of mistake. Apple accidentally shipped malware with some of its iPods last October, for example. The malicious software often gets installed when an infected PC is used to test or configure the devices.
However, the fact that the TomTom malware had been known for months when it was installed on the GPS devices reflects badly on the company, Schouwenberg said. "We found the malware in June," he said. "It means that someone around the product line is either not using anti-virus, or they're using bad anti-virus."
Find your next job with computerworld UK jobs