Olympus Digital Camera Ships With a Worm
An anonymous reader writes "Olympus Japan has issued a warning to customers who have bought its Stylus Tough 6010 digital compact camera that it comes with an unexpected extra — a virus on its internal memory card. The Autorun worm cannot infect the camera itself, but if it is plugged into a Windows computer's USB port, it can copy itself onto the PC, then subsequently infect any attached USB device. Olympus says it 'humbly apologizes' for the incident, which is believed to have affected some 1,700 units. The company said it will make every effort to improve its quality control procedures in future. Security company Sophos says that more companies need to wake up to the need for better quality control to ensure that they don't ship virus-infected gadgets. At the same time, consumers should learn to always ensure Autorun is disabled, and scan any device for malware before they use it on their computer."
I hate to ask the obvious question, but the article doesn't address it -- could this be intentional, or is it accidental?
I would imagine that some shady overboss would be willing to pay a relatively sizable amount of money (especially considering that the amount of money you'd have to pay someone in a Chinese factory to do this would not be very high) for the opportunity to infect potentially tens of thousands of computers.
Nemilar http://www.techthrob.com - Visit Me!
The problem there is that I don't think Japanese workers are any cheaper than American ones are. And in order to actually get any cost savings you have to overlook precautions and externalities. If you don't do that the price of production tends to be about the same no matter where you choose to fabricate the items.
Every piece of new writable media gets formatted immediately. I also have autorun killed on all my Windows boxes.
At the single biggest security problem at the place where I work. We tried disabling it, but we had too many problems of people putting in flash drives or CDs and the stupid flash based window not popping up like it did "on their home computer" and that "their computer was broken." Sometimes, it's just easier to clean up afterwards, than to preempt it and deal with people complaining.
"At the same time, consumers should learn to always ensure Autorun is disabled, and scan any device for malware before they use it on their computer"
But what if that malware, as it seemingly often is these days, is an actual intentional part of a product?
Recently I helped a friend who had a 1TB disk formatted in FAT32 to convert it to HFS+ Journaled. As I image the disk, I notice some really strange things, like .exe files in the Pictures folder, the _hard disk_ itself having autorun.exe. It is not some Taiwanese invention either, it is the Western Digital. I believe it is one of the most expensive ones.
It turns out, WD _idiots_ had this great idea of installing their USB drivers named something TURBO (no kidding!) which are supposed to speed up the drive transfer. I bet it does some cache hacks etc. It also does some very unwelcome things like adding itself to startup, not removing itself automatically (of course!), does a trivial and dangerous hack of adding some "WD" logo to the OS X icon of the drive. OS X, of course, doesn't have autorun functionality; I believe on Windows, that drive is the ultimate driver hell machine which will _also_ install a couple of viruses!
That is one of the most prestigious Hard Disk manufacturers. Just imagine what those no name freaks do.
The rest of the files? Some really bad worms which _all_ use autorun functionality. If I was responsible for security of Windows, I would really say "please, get a life" to those autorun loving companies and disable it the next day. Just the output of a ClamAV scan for that disk should alert anyone who did anything about security.
MS spent billions for security and fixing their image and yet, they just can't give up the absolutely stupid idea of automatically running an executable.
Why isn't the memory card formatted and completely blank?
Because it's getting more convenient for the user if the manufacturer ships the software on the device. Many laptops do not have CDROM drives. It can also save on packing costs not just for one unit, but for thousands of units. It allows more recent software to be shipped since an update doesn't require another CD manufacturing run.
No, companies should stop selling memory cards with unnecessary crap installed.
No argument there.
If something happened like this on Apple OS X land, Apple would roll out an operating system update and disable Autorun. Perhaps, they could show a help document about installing applications with double clicking.
There were Apple viruses as of the original Macintosh, which had a similar feature for automatically loading drivers, software updates, and such.
They've been there, had that done to them, and moved on.
For some reason it took Microsoft decades to get the same message.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
This is how I fix it:
Start->Run->gpedit.msc /force
Local Computer Policy->Administrative Templates->Windows Components->AutoPlay Policies
Turn off Autoplay -> Enabled, all drives
Don't set the always do checkbox -> Enabled
Turn off AutoPlay for non volume devices -> Enabled
Default Behavior for AutoRun -> Enabled, set do not execute any autorun commands
gpupdate
My beef is why this is not the default on all Windows machines. AutoPlay and AutoRun are separate entities, so one needs to make sure both are disabled.
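
The four AutoPlay Policies settings listed in the comment above map to machine-wide registry values, so they can be audited (or set on editions without gpedit.msc) from PowerShell. This is an added example, not part of the original thread; the function names `Test-AutoRunPolicy` and `Set-AutoRunPolicy` are hypothetical, and setting values requires an elevated prompt.

```powershell
# Added example: audit, and optionally set, the registry values behind the
# four AutoPlay Policies settings (AutoPlay and AutoRun are covered separately).
$explorer = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$policies = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer'

$expected = @(
    # Turn off Autoplay -> Enabled, all drives (0xFF = every drive type)
    [pscustomobject]@{ Policy = 'Turn off Autoplay (all drives)'
                       Path = $explorer; Name = 'NoDriveTypeAutoRun'; Value = 255 }
    # Don't set the always do this checkbox -> Enabled
    [pscustomobject]@{ Policy = "Don't set the always do this checkbox"
                       Path = $explorer; Name = 'DontSetAutoplayCheckbox'; Value = 1 }
    # Turn off AutoPlay for non-volume devices (cameras, phones) -> Enabled
    [pscustomobject]@{ Policy = 'Turn off AutoPlay for non-volume devices'
                       Path = $policies; Name = 'NoAutoplayfornonVolume'; Value = 1 }
    # Default behavior for AutoRun -> do not execute any autorun commands
    [pscustomobject]@{ Policy = 'AutoRun: do not execute autorun commands'
                       Path = $explorer; Name = 'NoAutorun'; Value = 1 }
)

function Test-AutoRunPolicy {
    # Read-only check: a missing value shows up as an empty Actual column.
    foreach ($e in $expected) {
        $item   = Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue
        $actual = if ($item) { $item.($e.Name) } else { $null }
        [pscustomobject]@{
            Policy    = $e.Policy
            Name      = $e.Name
            Expected  = $e.Value
            Actual    = $actual
            Compliant = ($actual -eq $e.Value)
        }
    }
}

function Set-AutoRunPolicy {
    # Writes the four DWORD values; run from an elevated PowerShell session.
    foreach ($e in $expected) {
        if (-not (Test-Path $e.Path)) { New-Item -Path $e.Path -Force | Out-Null }
        New-ItemProperty -Path $e.Path -Name $e.Name -Value $e.Value `
            -PropertyType DWord -Force | Out-Null
    }
}

Test-AutoRunPolicy | Format-Table -AutoSize
```

Any row with `Compliant` false means that setting is still at its default or was changed; call `Set-AutoRunPolicy` and re-run the audit to confirm.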