It started with an email from a worried satnav user, Lloyd Reid of Trichromic LLP an IT consultant who knows his way around a computer and knows a virus when his AV software flags one up. The cause for his concern being a newly purchased TomTom GO 910 satnav unit that, once connected to his PC, immediately caused an anti-virus software alert. Not one, but two alerts in fact. The win32.Perlovga.A Trojan and TR/Drop.Small.qp were identified as being resident on the satnav hard drive, within the copy.exe and host.exe files.
That’s worth repeating, two Trojans resident on the hard drive of a brand new, straight from the shop, satnav unit.
Worth repeating, perhaps, that this was a unit connected to a PC already protected by AV software, a clean PC, a PC belonging to an experienced IT consultant. It was for this reason that I believed him, that I did not simply assume it was a case of mistaken identity as is so often the case with such reports where the infection was already there, or came via a route unconnected to the accused party.
Also worth repeating is the response that this particular chap got from the TomTom support line, which was simply to let his AV software delete the virus and move on as these ‘are not dangerous’ Trojans. Upon pressing his point that the tech support guy was missing the point, he was told to submit a report to the TomTom website. Being the pushy type, my informer called a TomTom number in the Netherlands but only got the run around and an email address which he complained to, copying me in on the message.
Naturally, having more than a passing interest in the field of IT security, I started investigating immediately. It didn’t take long to find a few scant mentions of one or two other users asking about the same infections, on the same device, in a couple of satnav user forums. It also didn’t take long to discover that there was no real response from TomTom being reported anywhere, no mention on the TomTom website that there was a potential problem (a search for the infected files, virus or even a warning on the TomTom support site flagged no hits at all) and no warnings being given to the public at large.
I made sure that my friendly contact at the PR agency that handles TomTom in the UK was aware of my interest and he promised to pass my questions on to TomTom for a detailed, official, technical comment ASAP. That response was delivered by the end of play the next day. I note, however, that as I write this there is still no official warning on the TomTom site regarding the fact that a number of satnav devices are known to be infected with a virus…
Here is that response in full:
“It has come to our attention that a small, isolated number of TomTom GO 910’s, produced between September and November 2006, may be infected with a virus. The virus is qualified as low risk and can be removed safely with virus scanning software. Appropriate actions have been taken to make sure this is prevented from happening again in the future.
It has been confirmed that a small number of TomTom GO 910 devices, produced between September and November 2006, and shipped with software version 6.51, may be infected with a virus.
The viruses that were detected present an extremely low risk to customers’ computers or the TomTom GO 910. To date, no cases of problems caused by the viruses are known.
How to detect the virus
In the isolated cases that a virus was detected, it was found when the TomTom GO 910 was connected to the computer and for example a back-up of the content on the device was being made.
What to do when a virus is found
TomTom highly recommends that all TomTom GO 910 customers update their virus scanning software, and if a virus is detected, allow the virus scanning software to remove the ‘host.exe’ file, ‘copy.exe’ file or any other variants.
The above identified files or any variants can safely be removed from the device with virus scanning software, and are NOT to be removed manually, as they are not part of the standard installed software on a TomTom GO 910. They present no danger whilst driving with the TomTom GO 910.
Customers that do not have virus scanning software are advised to install virus scanning software. The internet offers many free online virus scanners like Symantec and Kaspersky (www.symantec.com or www.kaspersky.com) that will remove the virus safely from the TomTom GO 910 as soon as it is detected.
Any customers who experience problems or have further questions are welcome to contact our Customer Support department.
UPDATE: Monday 29th January Following the publication of this news story, and the interest it has sparked amongst many online and print publications, TomTom has now posted the same statement as above on its website. Sadly, there is no sign of an apology alongside it...