Digital Picture Frames Infected by Trojan Viruses
CR0WTR0B0T writes "The San Francisco Chronicle is running a story on viruses loaded into digital picture frames, similar to the ones we discussed at the end of last year. The difference is in the virus used: 'The authors of the new Trojan Horse are well-funded professionals whose malware has 'specific designs to capture something and not leave traces ... This would be a nuclear bomb of malware.' Apparently, a number of regular folks have hooked them up to their home computer and loaded the virus. And if you think you're too smart to be fooled, apparently the Anti-Virus software makers have not caught up to the threat quite yet."
The parent post links to GNAA's admirable "Last Measure" shock site.
Don't click the link, it's a malicious site.
this is my sig
- Run an OS that does not automatically try to mount devices, without user interaction.
- Run an OS that does not execute programs on devices once mounted, without user interaction but preferably not at all. (Autorun, I'm looking at you)
Although what doesn't seem to be mentioned specifically is whether the viruses are contained on the memory of the frames themselves (i.e. just like any other removable drive) or whether they are on some sort of driver/bundle CD. It does seem to hint that it means the device itself, which begs the question: how is it getting executed? Is there a setup.exe that autoruns like on certain brands of USB drive (DUMB IDEA OF THE CENTURY)? Are there infected data files like JPEGs that just so happen to allow execution of their code on certain OSes? Is there an actual executable that isn't supposed to be on there at all that autoruns or waits for the user to double-click it?
Either way, it's hardly a brilliant way to spread and only a dozen or so people seem to have been affected out of whichever country it's talking about (presumably the US). That sounds more like they had the virus already and it made its way onto their digital photo frames when they first connected them. Yes, it's a worry that malicious code could make its way onto a consumer device at the factory, but more at fault here are the OS and the user practices - we had all this back in the 80's/90's... don't take floppies off people you don't trust without scanning them first. Have we seriously come full-circle to the same dumb, preventable "problem"?
Where these virii are being placed on the devices is the big question. It must be someone who has access to the code or software installation process. Look at the manufacturer.
Oh, and run a *nix-based desktop.
Those who cannot remember the past are condemned to think "profiling is worse than the slaughter of innocent people..."
How many people does the author think use those silly picture frames?
Negative moral value of force outweighs the positive value of good intentions.
2. Computer Associates has traced the Trojan to a specific group in China
3. It spreads by USB drives
4. "It is a nasty worm that has a great deal of intelligence,"
Follow the money. My money's on an espionage tool from the Chinese government or its affiliated corporations. Let the flaming begin...I said "China" and "espionage" in the same sentence, I'm sure folks out there would like to lynch me just for even suggesting that there is such a laughable concept as espionage, or bash me for so-called China-bashing (which includes any criticism of China except those for human rights, that's OK).
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
Just make sure nobody cares about or likes you enough to ever send you something so sappy.
:P
And before anyone says it, yes, yes, I'm in no danger...right.
Cheers!
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
Do you want to be on the safe side and have some fun, too? Just make your custom DPF and install Linux on it. Here are some DIY instructions to make a digital picture frame from an old laptop or notebook. And here is a survey of Linux used on self-made digital photo frames.
Deborah Hale at SANS suggested that PC users find friends with Macintosh or Linux machines and have them check for malware before plugging any device into a PC.
Oh boy, you gotta love that bit. Amusing as the suggestion that Macs and Linux "machines" are not PCs may be, do you realize just how damning of MS software this is? SANS, a security organisation, basically says that if you don't trust a piece of hardware, then it is okay to plug it into a Mac or Linux machine to test whether it is safe to plug it into a Windows PC.
Is this like those warnings on tv, kids do not try this, if you want to do this experiment, get an adult to help you. Kids do not use windows blindly, if you do wish to add a new device, get someone with a real OS to help you out.
Oh well, to all the Windows-using women out there, remember, the standard rate for getting a guy to help you out is ONE blowjob. Please form an orderly queue.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Wanna fight ? Bend over, stick your head up your ass, and fight for air.
reboot the machine
reload the applications *
reformat/reinstall the OS *
revert to the previous version
but it must be fun cause we do it over and over and over and over and over and over and over and over and over.
My ism, it's full of beliefs.
....thinking.
Don't virus writers have better things to do?
Unless they are vested in anti-virus software, what's the point other than just causing countless people problems?
It is a solid revenue stream. If malware succeeds in installing, there is profit to be made from identity theft, theft of CD keys from games, grabbing virtual assets like MMO accounts and selling them (or using the account for EULA-breaking items until the account is permanently banned), blackmail, extortion, botnet making, spam zombies, and many other nasty things.
Virus writing is highly profitable, each second a piece of malware goes unstopped on a machine is a second that the machine can continue to spew spam, spy on an internal network, or be a part of a DDoS attack.
Professionals, you say? I wonder what it costs to hire them. Let's ask the Chinese government, shall we?
I can't be the only one who thought of this: what if a virus took over the frames just to display the well known image on them, for amusement value? :)
-- Sig down
Since there are now so many network devices in the wild without an admin user interface, and without even an admin user (except maybe some $5 an hour warranty phone tech support dweeb), the wild needs an easy way to inoculate entire network domains against viruses. We should learn from nature how to keep viruses under control. In 5-10 years, practically every human will have 1-100 infectable devices, many of them in the critical path for their convenience, work, and even human health, so we've got to get this under wraps with that deployment explosion on the horizon.
I should be able to subscribe to an antivirus site that distributes inoculation viruses, just like in nature. Install it on my home/office server, and it gets updates which attack my own hosts the same way as the enemy virus does in the wild. But its attack payload is removed, replaced with a payload that patches the infected host against the attack virus. The home server should also scan the network's devices for other signs that they're already infected, including emailing me with instructions how to inspect each device for UI signs that it's infected with the attack virus. And periodic (daily/weekly/etc) reports of "health status". When it detects a host, like a networked picture frame, that seems to be already infected but can't be autopatched, it can recommend further manual steps if possible, including wiping the host's storage if that will work. Or just recommend unplugging and throwing away a doomed host, perhaps with a mail-in "thorough treatment" by the antivirus vendor experts, if there's a chance to recover data and the device. Or just throw away a hopeless device.
There's a lot of talk lately about "good worms" which would cruise the Net just like "bad worms", but patch instead of infect. Since "patch vs infect" is in the eye of the human operator, that unsupervised release into the wild can easily go wrong. But this kind of managed release in each LAN, rather than just over the entire WAN (Internet), leaves the "doctor virus" compartmentalized - don't let it route between LAN segments. And more importantly, it leaves the vendor and the home user who started it each responsible, and accountable, for using it right. If it's made extremely simple to operate, with the most minimal user intervention required, this kind of product could really improve security without a lot of hassle. And make antivirus vendors a new ton of money.
--
make install -not war
It's the first thing I do when I install a fresh copy of Windows. I do this with TweakUI XP - it's a download at the MS site. Very handy little tool for initial tuning.
- Arwen, I'm your father, Agent Smith.
- Well, you're just Smith, but my father is Aerosmith!
You can try to prevent all the attack vectors, but it has nothing to do with "the OS" or "the user"; it's more today's design of security. You can't guard yourself against malware in any way; the only way to make it harder is not using a computer like normal people do, not allowing the normal vectors to be exploitable.
But if everyone used the computer this way, the attackers would just adapt.
The problem is homogeneity; there is no one solution.
Why did I get this image of the picture frame displaying Condom ads?
Don't think like a robot.
Someone mod this guy Mega-insightful.
Oh the HORROR (MOVIE)!!! ;)
They should be banned...
Fun?
Justice is the sheep getting arrested while an impartial judge declares the vote void.
Say what? Whenever I want to sneak in somewhere and get away all quiet-and-subtle-like, my first thoughts are of atomic weaponry. Want to steal sensitive documents? Just detonate a small thermonuclear device and no one will even realize you were there, and you'll leave no traces (unless you count a loud bang, bright light, mushroom cloud, charred corpses, fallout and a spike in cancer rates and radiation levels).
Ninjas. Men in Black-style mindwiping. Cat burglar. Evil hypnotist. Lots of available analogies. Nuclear bomb ain't one of them.
.sig withheld by request
Clearly, this isn't true. It's on slashdot. Everything leaves traces.
Write your own Choose Your Own Adventure. http://www.freegameengines.org/gamebook-engine/
Nuclear bomb? Last I heard they left a trace.
---- Booth was a patriot ----
Protecting against these new computer viruses, which so far are aimed at PCs running Windows, is hard - and sometimes impossible.
Windows XP or Vista? Are the infection rates similar for the two operating systems? I just hate it when a virus or trojan is treated like a uniform infectious agent. There can be big differences in the infection rates even among Windows machines, depending on configuration.
Autorun is from the devil. Right up there with ActiveX in my book. I think it does point up how difficult it is to secure Windows in a connected environment. I have a token Windows box on the network but don't surf with it. And I don't connect outside devices to it...especially not now. Seems like the added storage and capability of connected devices gives the virus writers a sweetheart platform to launch an attack.
I wonder how many of those picture frames managed to make their way on to corporate networks? Some exec that wants his kids pictures on his desk. I've got a customer with one of them in his office, an older one. Probably not a problem but that's today. The future is rife with potential for this to turn into a really bad problem.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
- Run an OS that does not execute programs on devices once mounted, without user interaction but preferably not at all. (Autorun, I'm looking at you) Windows Server 2003?
...specific designs to capture something and not leave traces
It is dangerous to be right when the government is wrong.
This reinforces why I don't believe we should be doing business with China. There is so much corruption in the government and workplace.
Is it 5:30 yet?
I've found the best protection is software that tells you when other software is trying to dial home or send out anything.... on my Mac I use Little Snitch, on PCs I believe the best is Zone Alarm.
It doesn't rely on virus definitions or anything else. It only requires that you take a minute to think about whether the software which wants to connect is doing so at your request or has gone renegade. Now of course once you find that you've got something trying to get out you need to clean it, which is where an anti-virus app comes into play. You run it and if it does the job you're good to go.. if not, at least you know there is something wrong and can:
a) use a Deep Freeze type strategy to rollback to a known good version of your system
b) hunt it down or let a pro hunt it down for you or
c) reinstall or reimage
This also avoids the worst aspect of AV software.... the fact that it bogs your system down making it much less useful in general.
A fool throws a stone into a well and a thousand sages can not remove it.
The thing is that China is doing to the world, what America did to USSR (and still doing to the world); putting hidden viruses and back doors in our products. Who should be blamed for it? American companies who are building their products in China. After all, you can blame the individual who is working to help their father or mother land.
I prefer the "u" in honour as it seems to be missing these days.
You'll want to set the NoDriveTypeAutorun registry value in HKLM to 0xFF. This will disable Autorun/Autoplay for all device types. What's interesting, though, is that according to that article, the default configuration for Windows is to disable Autorun for removable disks that aren't "CD" devices. What's not clear is whether this digital picture frame actually does automatically run, or whether it requires the user to double-click on the device icon in Windows explorer. (The latter of which will run software on the frame, regardless of AutoRun settings).
However, if your goal is to make a change that is malware-resistant, forget it! If you've already got malicious code on your system, it's game over. It can make any software changes that it likes.
I got a picture frame as a gift, but honestly... how many of us would BUY one?
These picture frames typically have built in memory or require USB synching... what about 802.11 or bluetooth instead? Batteries?
Which brings me to my point.... the Nokia N800 is $200 and runs to 400 MHz, and can do all this and more. The Nokia N770 closed out at $125 (if you can still find one) and has the same relevant features.
Doesn't nature dynamically develop cures? Sure, we have learned to manipulate our immune system through deactivated viruses and bacteria, but our bodies produce the antibodies in most cases. As an example, many people get a minor cold via the standard flu shot. They do this because their body is developing an antibody.
For your idea to work, we would need an OS capable of detecting and eliminating the bad stuff, something that biological systems still have a hard time with. For example, a body's solution to common cold control involves physical evacuation (messy, uses lots of resources), heat generation (useless against most invaders), and finally, creation of a new T-cell(?) to fight the invader. Now, if you're willing to have greatly reduced functionality of your shiny new PC for a few months while it develops antibodies, and devote a large amount of storage to all the antibodies, it would be a great way to keep PCs safe.
"Well, good luck finding a judge that doesn't run a bestiality site."
This picture is safe for work. You just have to have a dirty mind to appreciate it.
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
Yes, I think I will for a moment.
When you insert a disc/plug in a device that includes an autorun app, Vista will ask you with a dialog if you would prefer to run the autorun, browse the device's files, or do nothing.
Granted, this won't protect from a true virus (as opposed to today's typical spyware/trojan apps) nor a user's own "clik da buttun" ignorance, but it's still much better than blindly running anything you throw at it.
McAfee still has it "Low-profiled:" http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=142518
Is there truthfully anything that comes from China that makes trade with them worth it? Pathetic U.N.! A real solution to a real problem.
So what if Wal~Mart goes belly up. Small business will thrive again.
The environment(at least wherever people quit trading with them) will be safer from discarded plastic goods with a life expectancy of hours.
If the world quits trading with China, yes, there will be a collapse. It will also be a chance for the Chinese to overthrow their government, oppressive to the world in general, and become functional world citizens with a chance at a REAL future.
Quit buying Chinese! Quit selling to the Chinese. Quit trading with those who hold out.
I don't starving them out as trade with the rest of the world would depend on their own choice. They can starve themselves but I don't believe they would.
Hear that
As far as virus and trojan writers and phishers in the real world go... Send 'em to a cold, technology-free place forever.
Script kiddies can be sent with the parents that didn't control their behaviour.
*Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
At my college library, the computers are locked down in such a way that you cannot open an explorer window or command console and you do not have administrative rights. (That's a good thing). However, there are many programs lacking from their installations such that it limits the computers' usefulness. If you want to run a program off your flash drive because that software hasn't been installed on the computer, you can't even open explorer to find it.
When I plug in my U3 drive, the U3 menu autoruns and allows me to execute all of the applications I have installed on it. This includes PuTTY, Firefox, Pidgin, GIMP, VLC, QEMU, VNC, etc. etc. Sure, it's a security risk to these computers, but it's incredibly nice for me to be able to do it. And it's not like I am breaking the rules: they even issue these things to their student employees.
What do you slashdotters think about this? What would be a better solution? (besides asking the library to install all of these applications on their computers)
Flamebait? Okay, tell me how I can inject trojan or viruses into my Mac only by attaching devices to it? There's no Goatse-like opening "as soon as something is inserted, check for an autorun script and run it".
Buy Intel, install OSX. Flamebait, really.
Making laws based on opinions that stem from false information leads to witch hunts.
Just because something is true doesn't mean you're not picking a fight. For instance, if someone were to call you a jackass it would be true, but would also likely lead to flames.
There's a few simple rules that you can follow to do this yourself:
1. Hardware router. I personally use pfSense, due to the necessary complexity of my home network, considering that I run my computer service business out of my home. Any consumer router will work, though, as long as it's got UPnP turned off, and the password's been changed.
2. Never, ever, ever plug an untrusted computer into your trusted network. See my point number 1. Customer machines are plugged into a completely separate subnet that is firewalled off from my trusted network.
3. Turn off everything like autorun, automatically find network shares, etc.
4. Secure your wireless. Mine's open, but it's even firewalled from my untrusted network. Use WPA-PSK, with a password that looks like this: awdfvA@#F54q2a3A#% Don't even think about using WEP. I've broken it in less than 30 minutes, and the longest it's ever taken me is 45. If your wireless devices won't support WPA, replace them, or upgrade the wireless. A Startech PCMCIA card that supports WPA is only about $55 retail, so there's really no excuse.
5. Don't be a moron, and click on anything someone sends you. Even if you think they're really computer savvy. Even if you know they have functional antivirus software.
6. Anything that's of even remotely questionable trustworthiness, scan with an online scanner. But don't do it right away. Wait a week or two, then scan it, then run it. This is what I do with things like program cracks that people seem to get hosed with all the time. Download it from P2P, then let it sit for a week or so. Then scan it. If it's fine then, you're probably OK.
Some people tell me I'm paranoid, and they're probably right. But there are two people in the world that I know of that have never had a virus. Myself, and Bill Gates. And I'm sure Bill Gates probably runs antivirus software to prevent it.
"City hall" in German is "Rathaus" Kinda explains a few things......
And I'm assuming they are using a variation of the old "autorun" trick to infect the PC when it is plugged in. For those that have XP or Vista and wish to remove the risk of this trick, here is how. The nice thing about this is you can save it as a .reg file which you can send to clueless relatives and friends. Simply turning off autorun in the GUI doesn't work as bugs like this will turn it back on when connected.
ACs don't waste your time replying, your posts are never seen by me.
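As an added example that is not part of any comment in this thread: a PowerShell script that reads and decodes the NoDriveTypeAutoRun policy value the earlier comment recommends setting to 0xFF, applies it, and emits the equivalent .reg file that the comment just above suggests mailing to relatives. The function names and bit labels are mine; the Policies\Explorer key path is the standard location of that value, and the write requires an elevated prompt.

```powershell
# Added example, not code from the thread. Assumes Windows PowerShell 5.1 or later
# and an elevated session for the HKLM write.

$PolicyKeyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ValueName     = 'NoDriveTypeAutoRun'

# Each bit is 1 shifted by the Win32 drive type; a set bit means AutoRun is
# disabled for that drive type. 0xFF therefore disables it everywhere.
$DriveTypeBits = [ordered]@{
    0x01 = 'DRIVE_UNKNOWN'
    0x02 = 'DRIVE_NO_ROOT_DIR'
    0x04 = 'DRIVE_REMOVABLE (USB sticks, picture frames)'
    0x08 = 'DRIVE_FIXED'
    0x10 = 'DRIVE_REMOTE (network shares)'
    0x20 = 'DRIVE_CDROM'
    0x40 = 'DRIVE_RAMDISK'
    0x80 = 'unspecified drive types'
}

function Get-AutoRunPolicy {
    # Returns the policy value, or $null when it has never been written
    # (Windows then falls back to its version-specific built-in default).
    $item = Get-ItemProperty -Path $PolicyKeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Show-AutoRunPolicy {
    # Prints one line per drive type so the bitmask is readable.
    param([int]$Value)
    foreach ($bit in $DriveTypeBits.Keys) {
        $state = if ($Value -band $bit) { 'AutoRun DISABLED' } else { 'AutoRun allowed ' }
        '{0}  0x{1:X2}  {2}' -f $state, $bit, $DriveTypeBits[$bit]
    }
}

function Set-AutoRunPolicyAllDisabled {
    # Writes 0xFF as a REG_DWORD, creating the Policies\Explorer key if needed.
    # Caveats the thread itself raises: double-clicking the drive icon in Explorer
    # can still launch an autorun.inf handler, and malware already running with
    # admin rights can simply write this value back.
    if (-not (Test-Path $PolicyKeyPath)) { New-Item -Path $PolicyKeyPath -Force | Out-Null }
    Set-ItemProperty -Path $PolicyKeyPath -Name $ValueName -Value 0xFF -Type DWord
    return Get-AutoRunPolicy
}

function Get-AutoRunPolicyRegFile {
    # The same change as .reg text, suitable for saving and double-clicking.
    @"
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
"@
}

# Report the current state without changing anything.
$current = Get-AutoRunPolicy
if ($null -eq $current) {
    'No NoDriveTypeAutoRun policy value is set; Windows is using its built-in default.'
} else {
    'Current NoDriveTypeAutoRun = 0x{0:X2}' -f $current
    Show-AutoRunPolicy -Value $current
}

# Uncomment to apply the hardened value and show the result:
# Show-AutoRunPolicy -Value (Set-AutoRunPolicyAllDisabled)

# Uncomment to write the .reg file for distribution:
# Get-AutoRunPolicyRegFile | Set-Content -Path "$env:USERPROFILE\Desktop\DisableAutoRun.reg" -Encoding Unicode
```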
will lead you to this one on the first go.
As to today, then look at the 3rd one down. Also, look up CIA, USSR, and oil pipeline. Taking this a step further, then go visit the CIA museum.
What do you mean? Of course AutoPlay and autorun are separate features! One is an annoying screen that tells me "I've noticed that you inserted a CD with no autorun, let me nag you about what to do" (maybe let me use it as I would?) and the other is a Goatse-like security black hole that would not be worse if it had been inserted just to execute arbitrary code without notice.
Making laws based on opinions that stem from false information leads to witch hunts.
IANAVU so I'm wondering if, after all this hoo-ha about Vista being more secure, does it _still_ have Autorun enabled on drives by default? It's one thing to add a security feature of debatable effect (UAC) but quite another to leave a gaping hole that everyone's been complaining about for years.
..."to all the windows using women out there, remember, the standard rate for getting a guy to help you out is ONE blowjob"
WTF!!
Idiots! Grow up.
The picture frame's mistake is that it is just a USB drive with most of the frame raster code/rules on the drive itself. So all a virus program would have to do is write over those programs. Maybe if the main engine to show raster files could also control write access to the USB drive, thus allowing only, say, JPG and other picture file types, and this engine could be locked away in a non-writable ROM chip. That would make the frames even less of a virus threat than a normal USB drive, possibly.
I don't think it would be as great a threat that China is spying if we simply have a government that knows how to put together computer networks. Years ago my firewall detected attempts by the Commerce dept to enter my computer. I did research and determined that their Solaris servers were contaminated and trying to spread their contamination to other computers. I called around and got nothing but people on the phone... heads of computer operations... counter terrorism and other things, none of whom knew a thing about the underlying technology in question. All they had to do was rebuild the contaminated servers in question and harden them for the threat. I mean it is literally insanely ridiculous how much the US government spends on computer systems per department and then we hear a story about some halfwit in England that breaks into a "major US military security system posing a grave threat to some of our most vital military systems" when virtually none of them should be web exposed and those that are should have competent Linux/Unix people running them. Trust me, not one of the people I talked to running these systems was even remotely competent. Most of these vital systems on the web exposed end are put together so poorly it might as well be an open door with a neon sign saying "All Welcome". It's so bad one could literally accidentally invade a sensitive US government computer system. They really need to stop prosecuting teenage hackers who expose these horrible breaches in security. The major crime really is in the people that are administrating the agencies' computer networks and security policies therein. That and we have a system of bribes to get government contracts etc--oh and politicians, well, loads of problems we have ... My point is we could be much more secure.
What flavor of crap is that? Most nuclear bombs leave plenty of traces.
Engineering is the art of compromise.
I thought the headline meant that a digital picture frame sitting on grandma's mantle or in a shop window would be infected with malware that causes it to suddenly and unexpectedly show pornography or something.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
The "interesting article" link is not detected by LinkScanner as being malicious, but Finjan SecureBrowsing has analyzed the above web address as it currently exists on the web. The analysis indicates that: Potential virus behavior was detected on this page. Detected virus name is Exploit.HTML.DialogArg.
McAfee SiteAdvisor reports: Browser exploit: Breached browser security. When we browsed this site, it made unauthorized changes to our test PC.
And the following user reports: User Review Summary for nimp.org: This site is good (0); This site spams (0); Adware, spyware, or viruses (2); Excessive popups (3); Phishing or other scams (0); Bad shopping experience (0); Browser exploit (26) (NSFW).
Example: avoid this site at all costs. When you first go on it, it shows a disgusting photo like pillowfight.jpg, and your computer won't respond to anything at all! Not even the 3-finger salute! Anyway, then it'll show at least 100 popups, then it'll play in a QuickTime audio thingee "HEY EVERYBODY I'M LOOKING AT GAY PORNO!!!" in rounds (kinda like when you sing in rounds, if you know what I mean).