It seems that TomTom GO910 satnav systems produced between September and November 2006 and shipped with software version 6.51 have been shipped with malware. 

It seems that the devices had on them copies of two bits of malware that could get executed on PCs that are connected to the device. The two bits of malware are known as Virus.Win32.Perlovga.A Trojan and Trojan-Dropper.Win32.Small.apl. The two bits of malware are contained in the files ‘copy.exe’ and ‘host.exe’ on the hard drive in the TomTom satnav device.

The first bit of malware Virus.Win32.Perlovga.A is more of an irritant that a serious risk, however the second bit is slightly more worrying. Trojan-Dropper.Win32.Small.apl is a generic signature for a backdoor written with a specific set of virus writer tools, in this case the backdoor is also a dropper for Virus.Win32.Perlovga.B.

Although the backdoor has limited functionality it does raise the level of risk presented by this infection, coupled with the use of autorun functionality to enable propagation via disk insertion there is a real danger of these bits of malware spreading when Windows reads the drive in the device.

This is certainly not the first time something like this has happened, and it will not be the last. It is important to make sure that you have anti-virus installed and updates, with it configured to check disks on access.

To address this specific instance TomTom recommend that you scan the device with your anti-virus and have it remove the infected files.

Add this page to your favorite Social Bookmarking websites