Wednesday, March 3, 2010

Windows XP Embedded - Does it need Antivirus?

We recently had an outbreak of the Conficker virus. While most of our PCs were protected, we did find some rogue Windows devices. A converted picture frame, a recycled PC pointing to an old AV server with outdated definitions, etc.

I also found a PC that is running Windows XP Embedded. The vendor states (they installed it as part of a plotter system) that they never have had a virus on their systems as they do not talk to the Internet.

Well, Conficker spreads via the local LAN via a Windows vulnerability. Normally, our domain PCs are auto-patched, but this one is not on our domain. It also does not have antivirus.

So, can it be infected? I googled "windows XP embedded virus" and it seems multiple vendors make products for them, leading me to believe - yes, they can be infected. I also read something about XPe (XP Embedded) having a special EWF - Enhanced Write Filter. The feeling I am getting is that EWF prevents writes to the hard drive. So should that keep it from being infected? Also, did the vendor configure EWF correctly?

Vendor won't let me in to the system to run a scan - don't know what they are afraid of. When I try to boot from a CD with a rescue disk to scan, the system will not accept my "boot from IDE CDROM" selection. Of course the BIOS is password protected.

Any thoughts?

Jeremy

2 comments:

  1. Needs more pictures. If marketing has taught us anything, it's that you can keep people's attention if you don't show some skin.....

  2. Did you scan the embedded machine remotely?
