Digital Picture Frames Infected by Trojan Viruses 174
CR0WTR0B0T writes "The San Francisco Chronicle is running a story on viruses loaded into digital picture frames, similar to the ones we discussed at the end of last year. The difference is in the virus used: 'The authors of the new Trojan Horse are well-funded professionals whose malware has 'specific designs to capture something and not leave traces ... This would be a nuclear bomb of malware.' Apparently, a number of regular folks have hooked them up to their home computer and loaded the virus. And if you think you're too smart to be fooled, apparently the Anti-Virus software makers have not caught up to the threat quite yet."
Well... (Score:5, Insightful)
- Run an OS that does not execute programs on devices once mounted, without user interaction but preferably not at all. (Autorun, I'm looking at you)
Although what doesn't seem to mentioned specifically is if the viruses are contained on the memory of the frames themselves (i.e. just like any other removeable drive) or whether they are on some sort of driver/bundle CD. It does seem to hint that it means the device itself, which begs the question how is it getting executed? Is there a setup.exe that autoruns like on certain brands of USB drive (DUMB IDEA OF THE CENTURY)? Are there infected data files like JPEG's that just so happen to allow execution of their code on certain OS's? Is there an actual executable that isn't supposed to be on there at all that autoruns or waits for the user to double-click it?
Either way, it's hardly a brilliant way to spread and only a dozen or so people seem to have been affected out of whichever country it's talking about (presumably the US). That sounds more like they had the virus already and it made its way onto their digital photo frames when they first connected them. Yes, it's a worry that malicious code could make its way onto a consumer device at the factory, but more at fault here are the OS and the user practices - we had all this back in the 80's/90's... don't take floppies off people you don't trust without scanning them first. Have we seriously come full-circle to the same dumb, preventable "problem"?
Nuclear bomb of malware? (Score:3, Insightful)
Put the pieces together (Score:5, Insightful)
2. Computer Associates has traced the Trojan to a specific group in China
3. It spreads by USB drives
4. "It is a nasty worm that has a great deal of intelligence,"
Follow the money. My money's on an espionage tool from the Chinese government or its affiliated corporations. Let the flaming begin...I said "China" and "espionage" in the same sentence, I'm sure folks out there would like to lynch me just for even suggesting that there is such a laughable concept as espionage, or bash me for so-called China-bashing (which includes any criticism of China except those for human rights, that's OK).
ALERT: People at SANS, incoming CHAIRS! (Score:4, Insightful)
Deborah Hale at SANS suggested that PC users find friends with Macintosh or Linux machines and have them check for malware before plugging any device into a PC.
Oh boy, you gotta love that bit. Amusing as the suggestion that Mac's and Linux "machines" are not PC's may be, do you realize just how damning of MS software this is? SANS, a security organisations basically says that if you don't trust a piece of hardware, then it is okay to plug it into a mac or linux machine, to test wether it is safe to plug it into a windows pc.
Is this like those warnings on tv, kids do not try this, if you want to do this experiment, get an adult to help you. Kids do not use windows blindly, if you do wish to add a new device, get someone with a real OS to help you out.
Oh well, to all the windows using women out there, remember, the standard rate for getting a guy to help you out is ONE blowjob. Please form an orderly cue.
You really just got to wonder what they were .... (Score:3, Insightful)
Don't virus writers have better thens to do?
Unless they are vested in anti-virus software, whats teh point other than just causing countless people problems.
Re:You really just got to wonder what they were .. (Score:4, Insightful)
Virus writing is highly profitable, each second a piece of malware goes unstopped on a machine is a second that the machine can continue to spew spam, spy on an internal network, or be a part of a DDoS attack.
Re:Well... (Score:5, Insightful)
And this would help HOW? Maybe it'd allow certain wiseguys to point at and blame the user for mounting the volumne in question - but ordinary users who just want to put pictures on their frame would *have* to mount it it, and it doesn't matter whether you have to click or whether it happens automatically. In fact, given that you'll likely only ever plug in the frame when you actually do want to access it, automounting seems like a good idea that does save you work in this case.
Automatically running code without the user asking for it is another issue, of course - that is a colossally stupid idea indeed, yes.
Re:Well... (Score:4, Insightful)
Network Virus Innoculation (Score:3, Insightful)
I should be able to subscribe to an antivirus site that distributes inoculation viruses, just like in nature. Install it on my home/office server, and it gets updates which attack my own hosts the same way as the enemy virus does in the wild. But its attack payload is removed, replaced with a payload that patches the infected host against the attack virus. The home server should also scan the network's devices for other signs that they're already infected, including emailing me with instructions how to inspect each device for UI signs that it's infected with the attack vir And periodic (daily/weekly/etc) reports of "health status". When it detects a host, like a networked picture frame, that seems to be already infected but can't be autopatched, it can recommend further manual steps if possible, including wiping the host's storage if that will work. Or just recommend unplugging and throwing away a doomed host, perhaps with a mail-in "thorough treatment" by the antivirus vendor experts, if there's a chance to recover data and the device. Or just throw away a hopeless device.
There's a lot of talk lately about "good worms" which would cruise the Net just like "bad worms", but patch instead of infect. Since "patch vs infect" is in the eye of the human operator, that unsupervised release into the wild can easily go wrong. But this kind of managed release in each LAN, rather than just over the entire WAN (Internet), leaves the "doctor virus" compartmentalized - don't let it route between LAN segments. And more importantly, it leaves the vendor and the home user who started it each responsible, and accountable, for using it right. If it's made extremely simple to operate, with the most minimal user intervention required, this kind of product could really improve security without a lot of hassle. And make antivirus vendors a new ton of money.
Re:Well... (Score:3, Insightful)
you plucked this assertion out of your ass
Re:WARNING: GNAA (Score:3, Insightful)
Good enough for you?
Re:Nuclear bomb of malware? (Score:2, Insightful)
oblig. (Score:1, Insightful)
- Run an OS that does not execute programs on devices once mounted, without user interaction but preferably not at all. (Autorun, I'm looking at you)
Re:Well... (Score:3, Insightful)
you plucked this assertion out of your ass
Re:Well... (Score:3, Insightful)
Re:Nuclear bomb of malware? (Score:3, Insightful)
It is not "professional", but gov. (Score:3, Insightful)