Slashdot Mirror

← Back to Stories (view on slashdot.org)

Olympus Digital Camera Ships With a Worm

Posted by kdawson on from the do-not-get-too-close-to-the-viewfinder dept.

An anonymous reader writes "Olympus Japan has issued a warning to customers who have bought its Stylus Tough 6010 digital compact camera that it comes with an unexpected extra — a virus on its internal memory card. The Autorun worm cannot infect the camera itself, but if it is plugged into a Windows computer's USB port, it can copy itself onto the PC, then subsequently infect any attached USB device. Olympus says it 'humbly apologizes' for the incident, which is believed to have affected some 1,700 units. The company said it will make every effort to improve its quality control procedures in future. Security company Sophos says that more companies need to wake up to the need for better quality control to ensure that they don't ship virus-infected gadgets. At the same time, consumers should learn to always ensure Autorun is disabled, and scan any device for malware before they use it on their computer."

31 of 249 comments (clear)

  1. Dodged a bullet. by 0100010001010011 · · Score: 3, Funny

    Whew, glad my Canon doesn't mount itself as a external disk. Think of all the grief I've saved myself by having to launch something to get photos off of it.
    [/sarcasm]

    So, where did these cameras originate? China, Japan, Taiwan?

    1. Re:Dodged a bullet. by Anonymous Coward · · Score: 5, Insightful

      Didn't see it mentioned in the few dozen comments at the moment, but "more companies need to wake up to the need for better quality control to ensure that they don't ship virus-infected gadgets. At the same time, consumers should learn to always ensure Autorun is disabled" blames the manufacturer of the drive, blames the consumer, but skirts around blaming the OS in question.

      I know it's somewhat passe to pick on an OS because it remains the one commonality in malware infections, but seriously, a design as defective as Autorun's implementation should be beaten with large sticks every chance we can get until it's a bloody pulp, or no more than a stain. Srsly.

    2. Re:Dodged a bullet. by denmarkw00t · · Score: 5, Insightful

      Someone mod this man up! I totally agree that blaming the OS is a bit passe, but Autorun is also the worst "feature" I've ever encountered - "Oh, you plugged something in that has a filesystem I understand? And an executable it wants me to run? Ok."

      Dumb.

    3. Re:Dodged a bullet. by grcumb · · Score: 4, Insightful

      Someone mod this man up! I totally agree that blaming the OS is a bit passe, but Autorun is also the worst "feature" I've ever encountered - "Oh, you plugged something in that has a filesystem I understand? And an executable it wants me to run? Ok."

      Who's blaming the OS? We're blaming the company that made the OS. The same company, by the way, that brought us ActiveX in Internet Explorer, executable attachments in Outlook, Word Document viruses, IIS prior to 7, and 'run as Administrator by default'.

      Dumb.

      Dumb, indeed.

      (I'm not even going to get into the myriad other objectionable actions and statements that they've indulged in since the beginning of the '90s. They're not germane to this discussion.)

      --
      Crumb's Corollary: Never bring a knife to a bun fight.
    4. Re:Dodged a bullet. by Mr.+Freeman · · Score: 4, Insightful

      I turned autorun off on every computer I've ever had without much issue. That's windows 98, 2000, XP, vista, server '08, and win 7. All of them made it easy enough to turn it off. I'm not sure what the hell you're talking about.

      --
      -1 disagree is not a modifier for a reason. -1 troll, flaimbait, redundant, overrated are NOT acceptable substitutes.
    5. Re:Dodged a bullet. by Bert64 · · Score: 3, Insightful

      That's the biggest problem, MS is able to release inferior products and then drive user's expectations down to match. When you tell people that they wouldn't have these problems using something else they don't believe you because it sounds "too good to be true".

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    6. Re:Dodged a bullet. by the_raptor · · Score: 5, Informative

      To turn USB autorun off on Windows XP you have to edit the registry. The GUI options do not apply to USB drives for some retarded reason.

      I was alerted to this when I bought a USB drive that came with autorunning software (to do encryption and other rubbish) and was surprised that it ran despite me turning autorun off as a part of standard configuration since the late 90's.

      --

      ========
      CINC, 4th Penguin Legion
    7. Re:Dodged a bullet. by petermgreen · · Score: 4, Informative

      edit: further for completely turning off autorun to be effective you must make sure you have a particular security update installed.

      http://support.microsoft.com/kb/967715

      the whole thing is a gigantic mess!

      --
      note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
  2. With offshoring as it is... by sethstorm · · Score: 3, Funny

    Third World factories seem to keep on making these mistakes.

    You think they'd try making these in Japan, with full Japanese citizens making them for once?

    --
    Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
    1. Re:With offshoring as it is... by hedwards · · Score: 3, Interesting

      The problem there is that I don't think Japanese workers are any cheaper than American ones are. And in order to actually get any cost savings you have to overlook precautions and externalities. If you don't do that the price of production tends to be about the same no matter where you choose to fabricate the items.

    2. Re:With offshoring as it is... by newcastlejon · · Score: 3, Insightful

      How do we know the image for the card wasn't put together in Japan? The camera says Made in China, the software perhaps not.

      --
      If God forks the Universe every time you roll a die, he'd better have a damned good memory.
  3. Intentional or accidental? by Nemilar · · Score: 5, Interesting

    I hate to ask the obvious question, but the article doesn't address it -- could this be intentional, or is it accidental?

    I would imagine that some shady overboss would be willing to pay a relatively sizable amount of money (especially considering that the amount of money you'd have to pay someone in a Chinese factory to do this would not be very high) for the opportunity to infect potentially tens of thousands of computers.

    --
    Nemilar http://www.techthrob.com - Visit Me!
  4. Re:Keep It by couchslug · · Score: 4, Funny

    "So I took it back to Best Buy "

    I'd post AC too if were I admitting that. Eeew.

    --
    "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
  5. So.. by Renraku · · Score: 4, Insightful

    What kind of compensation are the makers going to offer everyone who's system they hosed?

    --
    Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
  6. Seriously? by Anonymous Coward · · Score: 5, Insightful

    At the same time, consumers should learn to always ensure Autorun is disabled, and scan any device for malware before they use it on their computer."

    Seriously?

    It's getting to the point where running a computer is turning into a full time job. I need to scan every single product I buy before using it? Isn't that why I bother to pay a premium to get name-brand products from legitimate outlets?

    I'm annoyed that the ultimate time-saving device is becoming more and more of a chore. I'm expected to spend hours researching the ways in which to harden my browser against cookie tracking, to rate virus scanners using contradictory and confusing standards, to assess information that requires a degree in computer science everytime I want to get a PC game to work, to pull out my law degree everytime I use an online product or dive through an EULA, and now this?

    I mean come on, where's it going to end? Should I do independant surge tests on the next microwave I buy before plugging it in? What about my printer, does it need a scan too? Should I take my newly purchased tires to an independant assessor? How about that new CD I bought?
     

    1. Re:Seriously? by Saeed+al-Sahaf · · Score: 3, Insightful

      Should I do independant surge tests on the next microwave I buy before plugging it in?

      Does your microwave connect to your network?

      --
      "Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
    2. Re:Seriously? by Anonymous Coward · · Score: 5, Insightful

      No, but it does connect to my electrics. Should I have to worry that every new gadget in my place is going to cause a fire? No, because we as a society decided that was not the way we wanted to live our lives and we adjusted the legal landscape accordingly.

    3. Re:Seriously? by indiechild · · Score: 4, Insightful

      Good points. This is why "appliance computing" ala iPad and the like will become increasingly popular over the next few years. Slashdot geeks will decry it as dumbed down computing for the unwashed masses, but in reality, it's computing made usable.

  7. Autorun?! by dido · · Score: 5, Insightful

    I wonder what bright soul at Microsoft thought it a good idea to extend autorun to all types of removable media. It was tolerable if annoying for CDs and DVDs, but it became downright dangerous once USB sticks and similar rewritable media were included. I wonder why they haven't decided to push an update that disables or limits the damage that this misbegotten feature can do.

    --
    Qu'on me donne six lignes écrites de la main du plus honnête homme, j'y trouverai de quoi le faire pendre.
    1. Re:Autorun?! by bragr · · Score: 4, Interesting

      At the single biggest security problem at the place were I work. We tried disabling it, but we had too many problems of people putting in flash drives or cd and the stupid flash based window not popping up like it did "on their home computer" and that "their computer was broken." Sometimes, its just easier to clean up afterwards, then to preempt it and deal with people complaining.

    2. Re:Autorun?! by rudy_wayne · · Score: 4, Insightful

      At the single biggest security problem at the place were I work. We tried disabling it, but we had too many problems of people putting in flash drives or cd and the stupid flash based window not popping up like it did "on their home computer" and that "their computer was broken."

      So your employees are too stupid/lazy to learn how to use a computer. Either train them or fire them.

    3. Re:Autorun?! by robthebloke · · Score: 4, Insightful

      The OP didn't say anything about employees - he said workplace. Every worked in a university? It's far easier to ghost the machines at the end of every day or session than deal with hundreds of queries a day from the vast majority of the 20,000 students who struggle to understand the basic concepts of computer security.

  8. Re:I have a standard policy by Anonymous Coward · · Score: 4, Informative

    Unnecessary unless you use an ancient decade-plus-old Windows version. Vista and 7 stop this attack automatically by displaying the Autoplay dialog when a new device is inserted.

    In fact, Windows 7 removes the ability entirely to manually execute Autorun from a flash drive.

  9. Criminal penalties are necessary by grahamsaa · · Score: 4, Insightful

    Civil and criminal penalties should be imposed on manufacturers that ship hardware that's pre-loaded with malware. As of right now, there are no consequences, which means that this will continue to happen. The only remedy that will stop, or at least curb this behavior is serious civil or criminal charges.

    Companies may blame this on outsourcing, but they have chosen to outsource. They may blame it on poor quality control, but quality control is their responsibility! There is no excuse for this, and the executives that make decisions that lead to this type of security hole must be held accountable. I wish I could say that I was surprised by this news, but I'm not. It's commonplace. And until hardware and software companies are held accountable, this will continue to happen.

    --
    Facts have a liberal bias.
  10. Olympus' warning... by by+(1706743) · · Score: 3, Funny
    ...is pretty funny when translated from the original Japanese (translated from Chrome):

    For the customers you have the appropriate product is in trouble indeed grateful, bon appétit do so as follows: anti-virus support, thank you.

    Translation issues aside, they do 'fess up honestly:

    Cause

    The lack of production management, computer virus has been contaminated with the camera.

  11. But Sony said to run it by linebackn · · Score: 3, Interesting

    "At the same time, consumers should learn to always ensure Autorun is disabled, and scan any device for malware before they use it on their computer"

    But what if that malware, as it seemingly often is these days, is an actual intentional part of a product?

  12. A system has to load the image over usb! by Joe+The+Dragon · · Score: 3, Insightful

    A system has to load the image over usb! so maybe that system has a worm on it.

  13. As usual the real problem is unnecessary crap by rudy_wayne · · Score: 4, Insightful

    but if it is plugged into a Windows computer's USB port, it can copy itself onto the PC, then subsequently infect any attached USB device.

    Why isn't the memory card formatted and completely blank?

    consumers should learn to always ensure Autorun is disabled,

    No, companies should stop selling memory cards with unnecessary crap installed.

  14. Why can't MS make the radical decision? by Ilgaz · · Score: 3, Informative

    On a fully secured (DEP, non Admin account, all updates) Windows machine, I can see "quarantined" items which all appear to be "autorun.xxx.worm" , pick anything you like. It is already out of hand.

    If something happened like this on Apple OS X land, Apple would roll out an operating system update and disable Autorun. Perhaps, they could show a help document about installing applications with double clicking.

    Shrink wrapped/boxed software is _dead_. Even if it is not dead, it is trivial to add the "install software" control panel back. Just a line needed to be on box or "driver cd". That is all. It won't be the first time some convenience is given up for security. How many times people install the same software anyway?

  15. Re:Linux by Ungrounded+Lightning · · Score: 3, Funny

    Jesus, don't you guys ever get tired of bashing windows?

    Not as long as the ongoing barrage of malware built on Windows bugs continues and the PHBs of the world keep shoving Windows "solutions" down our throats at work while the bulk of computer-using humanity continues to use it at home.

    Once it's no longer a blight on humanity we'll stop telling everybody what a blight on humanity it is. (Maybe we'll occasionally reminisce about what a blight on humanity it WAS, once that utopia arrives. B-) )

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  16. Copies itself via drive letter by DigiShaman · · Score: 3, Informative

    I've ran into this worm before (or one like it). One of my clients got an external HDD full of video data. They're into video production (not porn), so often they will require data from their clients. Anyways, this worm hides in a fake Recycle Bin folder which is executed by the autorun.inf file. In turn, the infected PC will replicate to all possible drive letters. Once on a server share, all other clients will soon get infected.

    It's real annoying. But if all your PCs and Servers have an up-to-date anti-virus scanner, it they should now all prevent from getting infected.

    --
    Life is not for the lazy.