Slashdot Mirror
Digital Picture Frames Infected by Trojan Viruses
CR0WTR0B0T writes "The San Francisco Chronicle is running a story on viruses loaded into digital picture frames, similar to the ones we discussed at the end of last year. The difference is in the virus used: 'The authors of the new Trojan Horse are well-funded professionals whose malware has 'specific designs to capture something and not leave traces ... This would be a nuclear bomb of malware.' Apparently, a number of regular folks have hooked them up to their home computer and loaded the virus. And if you think you're too smart to be fooled, apparently the Anti-Virus software makers have not caught up to the threat quite yet."
Where these virii are being placed on the devices is the big question. It must be someone who has access to the code or software installation process. Look at the manufacturer.
Oh, and run a *nix-based desktop.
Those who cannot remember the past are condemned to think "profiling is worse than the slaughter of innocent people..."
Wanna fight ? Bend over, stick your head up your ass, and fight for air.
Since we're all for China bashing, have a look at the U.S. - China Economic and Security Review Commission's 2007 report to congress, which states, "Chinese espionage activities in the United States are so extensive that they comprise the single greatest risk to the security of American technologies". Add to that the MI5's recent warning that big EU firms were being targetted for web-based espionage, and the lynch mob might have to drop their pitchforks and go think this thing over. I might sound a little redundant because I've made mention of this before, but as an information assurance tech working in the field (Operation Iraqi Freedom to be exact), the whole bash-the-China-basher thing resonates. Make no mistake about it--China is using the web to actively target the US military-industrial complex, as well as key commercial and civil interests. There are numerous statements from the Pentagon which allude to this, although the often classified nature of threat-specific information demands ambiguity. Lots (and I mean lots) of recent activity might change that though.
Here's a real-world example of why it might be 'useful'. Dental hygienists often work part time for a single dentist (full-time over multiple offices) and their patient room is used by someone else when they're not there. So, they usually take their pictures/diplomas off the wall when they leave for the last day of the week, and the other person puts theirs up. Also, consider that many of these patients have been going to the same dentist for >20 years - they know the employees, and want to see the new pictures. That frame allows a few hundred pictures to be in the same spot, and come down easily at the end of your mini-week.
At least, my mom thinks so. In the end, that's the key thing to remember about specialized technology - there is/should always be a niche it fills, and it's most profitable when niche > 1. Nearly nothing is too esoteric to be useful to someone - ask me to show you some of the glassware in my chem lab!
Be careful of your thoughts; they could become words at any minute...
Autorun functions on most (any?) usb device with autorun.inf. You don't have to enable it.
Run procmon when you plug in a usb storage device, watch and see.