Unixronin
Saturday, February 16th, 2008 12:27 pm

"It is a nasty worm that has a great deal of intelligence," said Brian Grayek, who heads product development at Computer Associates, a security vendor that analyzed the Trojan Horse.

The virus, which Computer Associates calls Mocmex, recognizes and blocks antivirus protection from more than 100 security vendors, as well as the security and firewall built into Microsoft Windows.  It downloads files from remote locations and hides files, which it names randomly, on any PC it infects, making itself very difficult to remove.  It spreads by hiding itself on photo frames and any other portable storage device that happens to be plugged into an infected PC.

The authors of the new Trojan Horse are well-funded professionals whose malware has "specific designs to capture something and not leave traces," Grayek said.  "This would be a nuclear bomb" of malware.

[...]

The new Trojan also has been spotted in Singapore and the Russian Federation and has 67,500 variants, according to Prevx, a security vendor headquartered in England.

Grayek said Mocmex might be a test for some bigger attack, because it's designed to capture any personal, private or financial information, yet so far it's only stealing passwords for online games.

"If I send you a package but it doesn't explode, why did I send it?" he said.  "Maybe I want to see if I can get it out to you and how you open it."

There's a total of five trojans on the frames.  It's a pretty clever little piece of social engineering, too.  The vast majority of unsophisticated users wouldn't ever think of a "digital picture frame" as something that can infect their computer — "It's just a display device, isn't it?"  And it hides from antivirus software ... "Symantec never gave me any warnings when I connected it!"  All they know is their computer keeps getting infected from somewhere, but they don't know where.  If they even know it's infected in the first place.
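The article describes the mechanism only in outline: the malware drops randomly named, hidden files onto any removable storage plugged into an infected PC, and the frame carries them to the next machine. A practical counter-check is to mount the frame (or any stick) read-only on a clean box and inspect it before letting Windows touch it. The scanner below is an added example, not code from the original post or from any vendor named in the article. Its heuristics are assumptions drawn from that description: a display device should carry only image files, so executables, hidden files, machine-looking names, and an `autorun.inf` (the classic 2008-era removable-media launch vector, which the article does not actually name) are each flagged. The sample volume it builds is constructed for the demonstration.

```python
"""Inspect a mounted removable volume (picture frame, USB stick) for files a
display-only device has no business carrying. Added example; the signals are
heuristic assumptions, not the article's analysis."""
import re
import stat
import tempfile
from pathlib import Path

# Assumption: a photo frame only needs image files, so any executable is suspect.
EXEC_EXTS = {".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
# Assumption: autorun.inf as the launch vector; the article does not name it.
AUTORUN_NAME = "autorun.inf"
# Camera-style names (DSC_0001, IMG1234) are digit-heavy but legitimate.
CAMERA_PREFIX = re.compile(r"^(DSC|IMG|DCIM|P)[_-]?\d+$", re.IGNORECASE)


def looks_random(stem: str) -> bool:
    """Heuristic for machine-generated names: 8+ alphanumerics, letters and
    digits interleaved at least four times, and not a camera-style name."""
    if len(stem) < 8 or not stem.isalnum() or CAMERA_PREFIX.match(stem):
        return False
    transitions = sum(1 for a, b in zip(stem, stem[1:]) if a.isdigit() != b.isdigit())
    return transitions >= 4


def is_hidden(path: Path) -> bool:
    """Dot-prefixed on POSIX, or carrying the Hidden attribute under Windows."""
    if path.name.startswith("."):
        return True
    attrs = getattr(path.stat(), "st_file_attributes", 0)
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0))


def scan_volume(root) -> list:
    """Walk the volume and return (relative_path, [reasons]) for every file
    that trips at least one signal; clean files are not reported."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        reasons = []
        if path.name.lower() == AUTORUN_NAME:
            reasons.append("autorun.inf present")
        if path.suffix.lower() in EXEC_EXTS:
            reasons.append("executable on a media volume")
        if is_hidden(path):
            reasons.append("hidden file")
        if looks_random(path.stem.lstrip(".")):
            reasons.append("random-looking name")
        if reasons:
            findings.append((path.relative_to(root).as_posix(), reasons))
    return findings


def make_sample_volume() -> str:
    """Constructed sample tree standing in for a freshly plugged-in frame:
    one real-looking photo plus the kind of debris the article describes."""
    base = Path(tempfile.mkdtemp(prefix="frame_"))
    (base / "DCIM").mkdir()
    (base / "DCIM" / "DSC_0001.jpg").write_bytes(b"\xff\xd8\xff")   # clean photo
    (base / AUTORUN_NAME).write_text("[autorun]\nopen=x7k2qp9d.exe\n")
    (base / "x7k2qp9d.exe").write_bytes(b"MZ")                        # randomly named dropper
    (base / ".cache.dll").write_bytes(b"MZ")                          # hidden library
    return str(base)


if __name__ == "__main__":
    for rel, why in scan_volume(make_sample_volume()):
        print(f"{rel}: {', '.join(why)}")
```

Run it against the mount point of the frame rather than the sample tree to use it for real; on a volume that only holds photos it prints nothing. The name heuristic is deliberately conservative (an eight-character alphanumeric stem with letters and digits interleaved), so a legitimately odd filename still needs a second signal such as being hidden or executable before anyone should act on it.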

Saturday, February 16th, 2008 10:59 pm (UTC)
How long until they start targeting linux or mac boxen? Seems to me that linux boxes would be the biggest prize. They tend to stay up longer, are more reliably connected to the internet, and their owners think they are secure.

It also sounds like the Trojans are not yet embedded into the device firmware, but can be formatted away. That is probably the next step, make it so you can't get rid of them. The more I learn, the more I think WWW means Wild, Wild, Web.
Sunday, February 17th, 2008 01:11 am (UTC)
Unix? Secure? Bwahahahahahaha.

Anybody figure out how to get VM/CMS running on a laptop? :-)
Sunday, February 17th, 2008 01:12 am (UTC)
Answer? Yes. Of course. Love the interweb.