Slashdot Mirror
Malware Distribution Through Physical Media a Growing Concern
twitter brings us a story about the increasing number of digital devices reaching consumers with malware already installed. In this case, digital photo frames from three different Sam's Club stores were found to contain the same type of malicious code. We discussed a similar problem with iPods a while back, as well as a more recent situation with Maxtor hard drives. Quoting the Register:
"While a compromise at the manufacturer is the most likely scenario, ISC's Sachs also pointed to retailers as a possible point of infection. Returned products, which could have been infected by the consumer, are frequently put back on the shelf, if they are in sale-able condition, and attackers could take advantage of a store's poor digital hygiene, he said. 'Trying to (infect a product) all the way back at the factory — getting it through all the checks and balances — would be pretty hard to do,' he said. 'But doing it at the store, where there might be loose return policies, and (where) they put it back on the shelf - you are not going to get a million infections, but you might get a person from an investment bank next door.'"
This is part of a reg file I run on every Windows machine I set up:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CDROM]
"AutoRun"=dword:0000000
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000FF
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
Takes care of the autorun idiocy.
Nice try; according to TFA, Digital Photo Frames are small flat-panel displays for displaying digital images. TFA didn't specify, but it was implied that they were sold by mainstream retailers.
I bought a digital photo frame from Microcenter that was infected. I can't recall what the specific trojan was, but it was fairly benign in so far as it just replicated itself. As I recall it was a fairly old trojan and not very sophisticated... but none the less, it was on the brand new frame that was still sealed in the original factory stuff.
I told Microcenter about it and they were like "Huh." Didn't ask anything more, nor did they remove the frames or check them. I was somewhat pressed for time, so I didn't try going up the chain of management to get someone to acknowledge that there was a problem.
It's a good thing I found it though, since it was a gift for my technologicallly illiterate parents. I had taken it out of the package to load pictures up on it. If I had just given it to them directly, I'm not sure what would have happened. AVG caught it when it was plugged in via USB, so probably nothing drastic, except a phone call from my Dad asking me what the pop-up box meant.
Sophia, Bulgaria was the home of the Dark Avenger one of the most notorious virus authors in history. He was quite active during the 80386/80486 time period. Some interesting reading about what is known of him can be found in these links: http://en.wikipedia.org/wiki/Dark_Avenger http://www.research.ibm.com/antivirus/SciPapers/Gordon/Avenger.html http://www.wired.com/wired/archive/5.11/heartof.html http://findarticles.com/p/articles/mi_m1511/is_n2_v14/ai_13381563/pg_9
-- I'd give my right arm to be ambidextrous
The closest thing I know of to an official way of disabling autorun is to install Microsoft's powertoy TweakUI. As you might guess from the name, it gives you a GUI to tweak various aspects of the Windows user interface, including letting you turn off autorun. I've never had a problem with it.
Repton.
They say that only an experienced wizard can do the tengu shuffle.
By the way, like so many other Windows features, this one was copied from Apple. HFS CDs could have some flags set designating them as autostart CDs and a named file would be run when they were inserted. This 'feature' was used to spread a few Mac viruses in the '90s and was never added to OS X.
I am TheRaven on Soylent News