CHINA — As if the malware invasion weren’t bad enough, now comes word from the Associated Press that some hot electronic gadgets come pre-installed with the sorts of nasty stuff we all try not to put on them by accident post-purchase.According to the AP report, iPods, digital picture frames and TomTom navigation gear sold at brick-and-mortar stores like Target, Sam’s Club and Best Buy — as well as on websites owned by the manufacturers — have been reported carrying viruses and spyware that “steal passwords, open doors for hackers and make computers spew spam.”

“In most cases, Chinese factories — where many companies have turned to keep prices low — are the source,” according to the AP.

Evidently, the devices are being compromised during the manufacturing process by employees who plug their personal devices into corporate networks. Viruses the employees have downloaded to their personal equipment are able to leap across to manufacturing equipment, and from there products in the final stages of the assembly line are easy targets. However, the AP didn’t rule out the possible involvement of corrupt employees and hackers who breach manufacturing firewalls.

The AP said it’s impossible to determine how widespread the problem may be because of corporate secrecy, but “given the nature of mass manufacturing, the numbers could be huge.”

Computer security experts are alarmed by the development, because it points out a hole that could be exploited relatively easily by anyone with malicious intent. In addition, people whose security software isn’t up to date could see any device that comes into contact with infected new products develop a raging infection of its own. An epidemic may not be far away.

Even those who are scrupulous about updating their anti-virus software may be at risk. In one case, a digital photo frame sold at Sam’s Club was infected with a previously unknown bug for which there was no known defense.

“We’ll probably see a steady increase [in infections] over time,” Zulfikar Ramzan, a computer security researcher at Symantec Corp, told the AP. “The hackers are still in a bit of a testing period; they’re trying to figure out if it’s really worth it.”