
Thread: Digital Picture Frames Infected by Trojan Viruses

  1. #1
    Super Moderator
    Fernbay's Avatar

    Digital Picture Frames Infected by Trojan Viruses

    Beware cheap Chinese products eh




    An insidious computer virus recently discovered on digital photo frames has been identified as a powerful new Trojan Horse from China that collects passwords for online games - and its designers might have larger targets in mind.

    "It is a nasty worm that has a great deal of intelligence," said Brian Grayek, who heads product development at Computer Associates, a security vendor that analyzed the Trojan Horse.

    The virus, which Computer Associates calls Mocmex, recognizes and blocks antivirus protection from more than 100 security vendors, as well as the security and firewall built into Microsoft Windows. It downloads files from remote locations and hides files, which it names randomly, on any PC it infects, making itself very difficult to remove. It spreads by hiding itself on photo frames and any other portable storage device that happens to be plugged into an infected PC.

    The authors of the new Trojan Horse are well-funded professionals whose malware has "specific designs to capture something and not leave traces," Grayek said. "This would be a nuclear bomb" of malware.

    By studying how the code is constructed and how it's propagated, Computer Associates has traced the Trojan to a specific group in China, Grayek said. He would not name the group.

    The strength of the malware shows how skilled hackers have become and how serious they are about targeting digital devices, which provide a new frontier for stealing information from vast numbers of unwary PC owners. More than 2.26 million digital frames were sold in 2007, according to the Consumer Electronics Association, and it expects sales to grow to 3.26 million in 2008.

    The new Trojan also has been spotted in Singapore and the Russian Federation and has 67,500 variants, according to Prevx, a security vendor headquartered in England.

    Grayek said Mocmex might be a test for some bigger attack, because it's designed to capture any personal, private or financial information, yet so far it's only stealing passwords for online games.

    "If I send you a package but it doesn't explode, why did I send it?" he said. "Maybe I want to see if I can get it out to you and how you open it."

    The initial reports of infected frames came from people who had bought them over the holidays from Sam's Club and Best Buy. New reports involve frames sold at Target and Costco, according to SANS, a group of security researchers in Bethesda, Md., who began asking for accounts of infected devices on Christmas Day. So far the group has collected more than a dozen complaints from people across the country.

    The new Trojan isn't the only piece of malware involved. Deborah Hale of SANS said the researchers also found four other, older Trojans on each frame, which may serve as markers for botnets - networks of infected PCs that are remotely controlled by hackers.

    There is W32.Rajump, which deposits the same piece of malware that infected some of Apple's video iPods during manufacturing in October 2006. It gathers Internet Protocol addresses and port numbers from infected PCs and ships them out, according to Symantec. One destination is registered to a service in China that allows people to conceal their own IP addresses.

    Then there is a generic Trojan; a Trojan that opens a back door on PCs and displays pop-up ads; and a Trojan that spreads itself through portable devices like Mocmex does.

    How all this malware got onto the photo frames and what it's doing there is unclear. Trojans can download other Trojans, which is part of how botnets are controlled.

    While SANS is investigating the infections, the retailers are saying little.

    Sam's Club said it has found no infected frames, and its distributor, Advanced Design Systems, did not return calls seeking comment.

    A few Target customers complained about frames distributed by Uniek, a store spokesman confirmed. Target is no longer selling those frames, but that's because the frames didn't sell well over the holidays, he said. Target has found no infections, he said, but is watching for them.

    Best Buy said one line of its Insignia frames - also now discontinued - was infected during manufacturing but would not provide details.

    Costco did not return calls seeking comment.

    How to avoid problems
    Protecting against these new computer viruses, which so far are aimed at PCs running Windows, is hard - and sometimes impossible.

    Updated antivirus software works unless the malware writers get ahead of the antivirus vendors, which is what happened with the new Trojan. Computer Associates, for example, just began protecting against it last week.

    While some advise disabling Autorun in Windows, which allows devices to run automatically when they're plugged into a USB port, it's not a failsafe. Doing so requires some computer expertise, and this Trojan re-enables Autorun if it's turned off, according to Brian Grayek of Computer Associates. "If you plug in (the frame), you're already infected," he said.

    Deborah Hale at SANS suggested that PC users find friends with Macintosh or Linux machines and have them check for malware before plugging any device into a PC.

    She also recommended backing up data with an online service such as Mozy.com that offers free backup for home users with less than 2 gigabytes of data. But it does not back up the operating system, she warned. If you're attacked and your PC fails, you'll have to reformat and reload all of the programs.
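
The check Hale suggests above (inspecting a device on a Linux or Mac machine before it touches a Windows PC), sketched as an added example that is not part of the original post or the quoted article. It only reads files on the mounted volume: it lists what a root `autorun.inf` would launch and any Windows executables sitting on a device that should hold only photos. The function names and the sample volume contents are constructed for illustration.

```python
import os
import tempfile

# Extensions Windows will execute; none belong on a device that stores photos.
EXEC_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".dll"}

def parse_autorun(text):
    """Return (key, value) launch entries from [autorun], tolerating junk lines."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in ("open", "shellexecute") or (
                    key.startswith("shell\\") and key.endswith("\\command")):
                entries.append((key, value))
    return entries

def inspect_volume(root):
    """Read (never execute) files on a mounted volume and list what looks wrong."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if dirpath == root and name.lower() == "autorun.inf":
                with open(path, encoding="latin-1") as fh:
                    findings += [("autorun-launch", f"{k}={v}")
                                 for k, v in parse_autorun(fh.read())]
            elif os.path.splitext(name)[1].lower() in EXEC_EXT:
                findings.append(("executable", os.path.relpath(path, root)))
    return sorted(findings)

def build_sample_volume():
    """Constructed stand-in for a mounted frame: harmless placeholder files only."""
    root = tempfile.mkdtemp(prefix="frame_")
    inf = "[AutoRun]\r\n; constructed sample\r\nnot a key\r\nopen=xkqzt.exe\r\n" \
          "shell\\open\\command=xkqzt.exe\r\nicon=photo.ico\r\n"
    for name, body in (("AUTORUN.INF", inf), ("xkqzt.exe", "placeholder"),
                       ("IMG_0001.JPG", "placeholder")):
        with open(os.path.join(root, name), "w", newline="") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    for kind, detail in inspect_volume(build_sample_volume()):
        print(kind, detail)
```

An empty result does not prove a device is clean; it only means nothing on it is set to auto-launch or carries an executable extension.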



  • #2
    Member pit5bul's Avatar

    wtf.. what's next... bombs in digital cameras ?

    mate I think this whole digital progress makes us more and more vulnerable to all sorts of things... all I have to ask ourselves is what's next... the way we're going soon we're gonna be branded like cows.. and DNA tested at birth just to make sure nobody steals your ID

  • #3
    Senior Member
    Uncle Fester's Avatar

    These viruses can spread through any (intelligent) device that is connected to a USB port because of the 'plug and play' way a USB system communicates. When you plug something in, the PC is basically allowed to accept anything and being a Windows OS it can automatically execute code without the user's interaction.
    A way to get around this would be to go back to the good old COM port (perhaps a high speed revamp) where the user first has to activate the software for the device and with it the port's configuration, and the PC then only accepts the exact code that it expects, otherwise it simply won't work.
    This might also work with a different handling of the USB port without changing hardware.

  • #4
    Senior Member DND's Avatar

    makes you think thrice about them handheld kids games you get now with the usb port on them

  • #5
    Member tytower's Avatar

    Well to me it sounds like it can do everything!
    Which sounds pretty damn good for a computer virus. A little too good to be true.

    Personally I'd say the above is a scam to get you to upload your data to the site given.

    Ask yourself why would someone offer to keep a large storage computer running 24/7 for free?

    With Linux the user has to go to a file and make it executable before it can run. Next you will be telling me the virus can do this itself, yeh?
