Slashdot Mirror


Malware Distribution Through Physical Media a Growing Concern

twitter brings us a story about the increasing number of digital devices reaching consumers with malware already installed. In this case, digital photo frames from three different Sam's Club stores were found to contain the same type of malicious code. We discussed a similar problem with iPods a while back, as well as a more recent situation with Maxtor hard drives. Quoting the Register: "While a compromise at the manufacturer is the most likely scenario, ISC's Sachs also pointed to retailers as a possible point of infection. Returned products, which could have been infected by the consumer, are frequently put back on the shelf, if they are in sale-able condition, and attackers could take advantage of a store's poor digital hygiene, he said. 'Trying to (infect a product) all the way back at the factory — getting it through all the checks and balances — would be pretty hard to do,' he said. 'But doing it at the store, where there might be loose return policies, and (where) they put it back on the shelf - you are not going to get a million infections, but you might get a person from an investment bank next door.'"

10 of 141 comments

  1. 1990 called... by Wonko the Sane · · Score: 2, Informative

    and it wants its headline back.

    (yes I know this is a different story than back then, but it's the same headline)

  2. Re:Stupid idea by jo42 · · Score: 5, Informative

    This is part of a reg file I run on every Windows machine I set up:

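    Windows Registry Editor Version 5.00

    ; Turn off media-insert notification for the CD-ROM driver
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CDROM]
    "AutoRun"=dword:00000000

    ; 0xFF sets every drive-type bit, disabling AutoRun for the current user
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoDriveTypeAutoRun"=dword:000000FF

    ; Same setting machine-wide
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoDriveTypeAutoRun"=dword:000000ff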


    Takes care of the autorun idiocy.
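
An added example, not part of the post above: a small Python check over a .reg fragment that flags dwords not written as eight hex digits and decodes NoDriveTypeAutoRun to list the drive types still left AutoRun-enabled. The sample input is constructed (modelled on the fragment above, with a 7-digit dword and a weaker 0x91 mask included to trigger findings), and the function names are this example's own.

```python
import re

# NoDriveTypeAutoRun bit flags: a set bit disables AutoRun for that drive type.
DRIVE_BITS = {
    0x01: "unknown", 0x02: "no-root-dir", 0x04: "removable", 0x08: "fixed",
    0x10: "network", 0x20: "cdrom", 0x40: "ramdisk", 0x80: "reserved",
}

# Constructed sample input (not an export from a real machine).
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CDROM]
"AutoRun"=dword:0000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000FF

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9A-Fa-f]*)$')

def parse_reg(text):
    """Yield (key, value_name, raw_hex) for every dword line in a .reg fragment."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif (m := DWORD_RE.match(line)) and key:
            yield key, m.group(1), m.group(2)

def audit(text):
    """Return findings: non-canonical dwords and drive types left AutoRun-enabled."""
    findings = []
    for key, name, raw in parse_reg(text):
        hive = key.split("\\", 1)[0]
        if len(raw) != 8:
            findings.append((hive, name, f"dword has {len(raw)} hex digits, expected 8"))
        if name == "NoDriveTypeAutoRun" and raw:
            value = int(raw, 16)
            enabled = [n for bit, n in DRIVE_BITS.items() if not value & bit]
            if enabled:
                findings.append((hive, name, "AutoRun still enabled for: " + ", ".join(enabled)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
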

  3. Re:Pretty bad when photo frames spread computer vi by Secrity · · Score: 3, Informative

    Nice try; according to TFA, Digital Photo Frames are small flat-panel displays for displaying digital images. TFA didn't specify, but it was implied that they were sold by mainstream retailers.

  4. I got one of these! by NitroWolf · · Score: 4, Informative

    I bought a digital photo frame from Microcenter that was infected. I can't recall what the specific trojan was, but it was fairly benign insofar as it just replicated itself. As I recall it was a fairly old trojan and not very sophisticated... but nonetheless, it was on the brand new frame that was still sealed in the original factory stuff.

    I told Microcenter about it and they were like "Huh." Didn't ask anything more, nor did they remove the frames or check them. I was somewhat pressed for time, so I didn't try going up the chain of management to get someone to acknowledge that there was a problem.

    It's a good thing I found it though, since it was a gift for my technologically illiterate parents. I had taken it out of the package to load pictures up on it. If I had just given it to them directly, I'm not sure what would have happened. AVG caught it when it was plugged in via USB, so probably nothing drastic, except a phone call from my Dad asking me what the pop-up box meant.

  5. That "idiot" in Bulgaria was probably no idiot... by i)ave · · Score: 4, Informative

    Sofia, Bulgaria was the home of the Dark Avenger, one of the most notorious virus authors in history. He was quite active during the 80386/80486 time period. Some interesting reading about what is known of him can be found in these links: http://en.wikipedia.org/wiki/Dark_Avenger http://www.research.ibm.com/antivirus/SciPapers/Gordon/Avenger.html http://www.wired.com/wired/archive/5.11/heartof.html http://findarticles.com/p/articles/mi_m1511/is_n2_v14/ai_13381563/pg_9

    --
    -- I'd give my right arm to be ambidextrous
  6. Re:It's only a problem if you use Windows. by Anonymous Coward · · Score: 2, Informative

    "It's rare you hear of a Windows infection. Those Linux users need to get with the program if they ever want to gain the desktop." - by Anonymous Coward on Sunday January 13, @11:25AM (#22025570)

    True, if they did this stuff, here:

    HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA + make it "fun" to do:

    http://www.security-forums.com/viewtopic.php?t=50567&sid=c8b24a76a3974ec9bef2bed38c4b64d4 :)

    * Windows CAN be secured very well, with a bit of effort, for years of security, even online, for years into the distance if you try what's in that URL above!

    It works - & for a small investment of your time, only, & the work done by YOU, only!

    (Simply by using the CIS Tool as your guide & advisor (it's been reviewed as legit & good @ what it does by places like COMPUTERWORLD for instance, & that gets cited on this site quite often)).

    APK

    P.S.=> A little common sense goes a long way too, but... either you have that? OR, you don't, I suppose, but... I can say it has kept this system setup on Windows Server 2003 SP#2 fully hotfix patched currently, up & running bug-free + bulletproof, online, since 2003. It just works, keeping you safe & secure online, by following a few simple rules really, PLUS, yet making you surf, FASTER, by far as well as a side effect bonus... apk

  7. Re:It's only a problem if you use Windows. by Anonymous Coward · · Score: 2, Informative

    I wouldn't be at all surprised if your Windows 2003 Server installation was compromised years ago. You just don't realize that it's compromised because Windows so limits the ability of developers to develop the security utilities equivalent to those that come standard with UNIX systems.

  8. Neither solution works. by Ungrounded Lightning · · Score: 2, Informative

    1) Right before the equipment is put in the box it should have its memory reset to factory condition AND have the firmware compared to what it should be.

    This will offer some protection against factory sabotage.


    No it won't - if the "factory sabotage" consisted of (deliberately or accidentally) having malware as part of "what [the firmware] should be".

    2) Any time a unit is returned it should be reset to factory condition.

    This will take care of shoppers who buy, infect, and return merchandise.


    And how is a retailer supposed to do this? Do you know of ANY product that comes with a (true) "reflash to factory status" utility that doesn't depend on what's in the device itself - let alone a cross-industry standard for this? (And you can't trust the media returned with the device, either. If it's writable it also needs "resetting" - and if it's read-only it needs replacing with a fresh copy.)

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  9. Re:Autorun is evil by Repton · · Score: 3, Informative

    The closest thing I know of to an official way of disabling autorun is to install Microsoft's powertoy TweakUI. As you might guess from the name, it gives you a GUI to tweak various aspects of the Windows user interface, including letting you turn off autorun. I've never had a problem with it.

    --
    Repton.
    They say that only an experienced wizard can do the tengu shuffle.
  10. Re:Stupid idea by TheRaven64 · · Score: 3, Informative

    Ask an engineer of any other operating system about autorunning executable code from just any media that's inserted and they'll look at you like you've been taking crazy pills. The feature was introduced back in 1995. At this time, there were two kinds of removable drives in the average computer; floppy drives and CD-ROM drives. CDs could only be commercially pressed cheaply in large batches and so could be considered trusted. Floppy disks could be written by anyone, and so were not. This made sense until CD writers became cheap, at which point it became an easy virus transmission vector. Enabling it for read-write media was just brain-dead.

    By the way, like so many other Windows features, this one was copied from Apple. HFS CDs could have some flags set designating them as autostart CDs and a named file would be run when they were inserted. This 'feature' was used to spread a few Mac viruses in the '90s and was never added to OS X.

    --
    I am TheRaven on Soylent News