Saturday, February 16th, 2008 12:27 pm

"It is a nasty worm that has a great deal of intelligence," said Brian Grayek, who heads product development at Computer Associates, a security vendor that analyzed the Trojan Horse.

The virus, which Computer Associates calls Mocmex, recognizes and blocks antivirus protection from more than 100 security vendors, as well as the security and firewall built into Microsoft Windows.  It downloads files from remote locations and hides files, which it names randomly, on any PC it infects, making itself very difficult to remove.  It spreads by hiding itself on photo frames and any other portable storage device that happens to be plugged into an infected PC.

The authors of the new Trojan Horse are well-funded professionals whose malware has "specific designs to capture something and not leave traces," Grayek said.  "This would be a nuclear bomb" of malware.

[...]

The new Trojan also has been spotted in Singapore and the Russian Federation and has 67,500 variants, according to Prevx, a security vendor headquartered in England.

Grayek said Mocmex might be a test for some bigger attack, because it's designed to capture any personal, private or financial information, yet so far it's only stealing passwords for online games.

"If I send you a package but it doesn't explode, why did I send it?" he said.  "Maybe I want to see if I can get it out to you and how you open it."

There's a total of five trojans on the frames.  It's a pretty clever little piece of social engineering, too.  The vast majority of unsophisticated users wouldn't ever think of a "digital picture frame" as something that can infect their computer — "It's just a display device, isn't it?"  And it hides from antivirus software ... "Symantec never gave me any warnings when I connected it!"  All they know is their computer keeps getting infected from somewhere, but they don't know where.  If they even know it's infected in the first place.

Saturday, February 16th, 2008 05:40 pm (UTC)
creepy. but unsurprising. only the tip of the iceberg of what's to come, i'm sure.
Saturday, February 16th, 2008 07:36 pm (UTC)
That's just perfect. Expect it to show up in MP3 and video players Real Soon Now.

Speaking as someone who used to do antivirus as his nine-to-five, I've always thought AV scanners were fighting a losing battle - it's hard to hold the ramparts when the drawbridge is down and the gate's standing wide open.

For now, Linux seems to be largely virus-free. For now.
Saturday, February 16th, 2008 08:58 pm (UTC)
This isn't actually as difficult to defeat as it sounds, but it would be time-consuming.

One of its weaknesses is that it names files randomly on your PC. One is that you have to have read-only CDs or DVDs of your preferred software, clean. Two is that you have to make or keep a list of your known wanted files, and back them up by name and extension to read-only CDs or DVDs. You need to have a separate quarantine machine that never connects out, never networks, never hooks up your read/write peripherals. You need to set it up to execute absolutely nothing from a CD.

You periodically do a complete low-level reformat of your hard drive and each peripheral, then you re-install your software and copy back your desired files by name.

It's time-consuming, it's a pain in the ass, but it will absolutely work.

Good general computer hygiene, updated security software, plus a full scrub every six months is probably adequate. Corporations need to have their networks completely sequestered from the internet to begin with, and have public access machines for getting out on the net.

The Chinese military is going all out on cyber warfare, and the corporations are losing. There's only one good solution. Quarantine, and read only disks to take files off the internet and import them into the network.

If you're not doing sensitive stuff--there's nothing sensitive on my machine but manuscripts--garden variety security updates are generally good enough unless performance degrades.

The best way to keep your machine insulated from working as someone's bot-bitch is keeping your security updated, but also physically disconnecting from the network when you aren't up and working.

Good computer hygiene is possible, and technically easy. It's just time-consuming and a complete pain in the ass.

Computer hygiene is like personal hygiene or privacy--you have to weigh your risks versus benefits and decide how clean you want to be.
Saturday, February 16th, 2008 10:52 pm (UTC)
One of its weaknesses is that it names files randomly on your PC. One is that you have to have read-only CDs or DVDs of your preferred software, clean. Two is that you have to make or keep a list of your known wanted files, and back them up by name and extension to read-only CDs or DVDs.
Or you use something Tripwire-like.
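A minimal Tripwire-like check of the kind this reply suggests, and of the "keep a list of your known wanted files" step in the comment it answers, as an added example that is not part of the thread and not Tripwire's own code. It assumes a SHA-256 digest per file and a JSON manifest as the baseline format; the directory tree, the tampering, and the randomly named dropped file in `demo()` are all constructed for the example. The point it shows is that a file the baseline does not know about is reported no matter what it is called, so random file names buy the malware nothing against a known-good list.

```python
"""Tripwire-style file integrity baseline and check (added example).

Records a SHA-256 digest and size for every file under a directory, then
reports files added, removed or modified since the baseline was taken.
Keep the real baseline file on read-only media, as the comment above says.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """Hash a file in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root) -> dict:
    """Map each relative file path under root to its digest and size."""
    root_path = Path(root)
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root_path):
        for name in filenames:
            full = Path(dirpath) / name
            if full.is_symlink():
                continue  # policy choice: do not hash through symlinks
            rel = full.relative_to(root_path).as_posix()
            manifest[rel] = {"sha256": sha256_file(full),
                             "size": full.stat().st_size}
    return manifest


def save_manifest(manifest: dict, path) -> None:
    """Write the baseline as sorted JSON so diffs of the file itself are stable."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(manifest, fh, indent=2, sort_keys=True)


def load_manifest(path) -> dict:
    with open(path, "r", encoding="utf-8") as fh:
        return json.load(fh)


def compare_manifests(baseline: dict, current: dict) -> dict:
    """Return sorted lists of added, removed and modified relative paths.

    Anything not in the baseline lands in 'added', whatever its name.
    """
    base_keys, cur_keys = set(baseline), set(current)
    return {
        "added": sorted(cur_keys - base_keys),
        "removed": sorted(base_keys - cur_keys),
        "modified": sorted(
            p for p in base_keys & cur_keys
            if baseline[p]["sha256"] != current[p]["sha256"]
        ),
    }


def demo() -> dict:
    """Constructed scenario: baseline a small tree, tamper with it, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "tree"
        (root / "docs").mkdir(parents=True)
        (root / "docs" / "manuscript.txt").write_text("chapter one\n")
        (root / "notes.txt").write_text("todo\n")

        baseline_file = Path(tmp) / "baseline.json"
        save_manifest(build_manifest(root), baseline_file)

        # Simulated tampering (constructed): one known file altered, one
        # removed, and a file with a made-up random name dropped into the tree.
        (root / "notes.txt").write_text("todo\nextra line\n")
        (root / "docs" / "manuscript.txt").unlink()
        (root / "x9q2k7.dll").write_bytes(b"\x00" * 64)

        return compare_manifests(load_manifest(baseline_file),
                                 build_manifest(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run it once on a clean install to write the baseline, copy that JSON to read-only media, and re-run the comparison against the stored copy whenever you want to know what changed; a baseline kept on the same writable disk can be edited by the same thing that edits the files.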
Saturday, February 16th, 2008 10:59 pm (UTC)
How long until they start targeting linux or mac boxen? Seems to me that linux boxes would be the biggest prize. They tend to stay up longer, are more reliably connected to the internet, and their owners think they are secure.

It also sounds like the Trojans are not yet embedded into the device firmware, but can be formatted away. That is probably the next step, make it so you can't get rid of them. The more I learn, the more I think WWW means Wild, Wild, Web.
Sunday, February 17th, 2008 01:11 am (UTC)
Unix? Secure? Bwahahahahahaha.

Anybody figure out how to get VM/CMS running on a laptop? :-)
Sunday, February 17th, 2008 01:12 am (UTC)
answer? Yes. of course. love the interweb.
Wednesday, February 20th, 2008 03:07 am (UTC)
niiiice, and to think i thought about getting one!