Once it became clear that there was big money to be made in malware, it was only a matter of time before it got really sophisticated, and some of the worst of the worst is being developed in China:
An insidious computer virus recently discovered on digital photo frames has been identified as a powerful new Trojan Horse from China that collects passwords for online games – and its designers might have larger targets in mind.
“It is a nasty worm that has a great deal of intelligence,” said Brian Grayek, who heads product development at Computer Associates, a security vendor that analyzed the Trojan Horse.
The virus, which Computer Associates calls Mocmex, recognizes and blocks antivirus protection from more than 100 security vendors, as well as the security and firewall built into Microsoft Windows. It downloads files from remote locations and hides files, which it names randomly, on any PC it infects, making itself very difficult to remove. It spreads by hiding itself on photo frames and any other portable storage device that happens to be plugged into an infected PC.
The authors of the new Trojan Horse are well-funded professionals whose malware has “specific designs to capture something and not leave traces,” Grayek said. “This would be a nuclear bomb” of malware.
In fact, quite a few people found themselves infected with this and several other trojans after plugging in digital picture frames they got for Christmas:
The initial reports of infected frames came from people who had bought them over the holidays from Sam’s Club and Best Buy. New reports involve frames sold at Target and Costco, according to SANS, a group of security researchers in Bethesda, Md., who began asking for accounts of infected devices on Christmas Day. So far the group has collected more than a dozen complaints from people across the country.
The new Trojan isn’t the only piece of malware involved. Deborah Hale of SANS said the researchers also found four other, older Trojans on each frame, which may serve as markers for botnets – networks of infected PCs that are remotely controlled by hackers.
There’s at least one part of this article that I’m sure will delight owners of Macs and Linux based PCs:
Deborah Hale at SANS suggested that PC users find friends with Macintosh or Linux machines and have them check for malware before plugging any device into a PC.
Let the gloating begin.
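Hale's advice is worth turning into an actual procedure. The script below is an added example, not code from the article, SANS or Computer Associates: it triages a removable volume (photo frame, card, USB stick) mounted on a Linux or macOS box before it ever touches a Windows PC. Because the article says the payload is stored under random names, it does not rely on filenames at all; instead it flags any file whose first two bytes are the Windows PE "MZ" header, and separately reports an autorun.inf at the volume root and what it would launch. That autorun.inf was the spreading mechanism is my assumption about USB-borne Windows malware of the period; the article does not say. The sample volume the script builds under mktemp is constructed for the demonstration; point `triage_volume` at your real mount point (e.g. /media/usb or /Volumes/NO_NAME) instead.

```shell
#!/usr/bin/env bash
# Offline triage of a removable volume from a non-Windows host.
# Added example; assumes autorun.inf-style spreading (not stated in the article)
# and identifies executables by the PE "MZ" magic, not by filename.
#
# Usage: triage_volume /media/usb
#   prints one line per finding ("PE <path>" or "AUTORUN <path>"),
#   returns 0 if nothing was found, 1 otherwise.

# is_pe FILE -> true if FILE begins with the DOS/PE "MZ" header
is_pe() {
  [ "$(head -c 2 "$1" 2>/dev/null)" = "MZ" ]
}

triage_volume() {
  local root="$1" f found=0

  # 1. autorun.inf at the root. FAT is case-insensitive, Linux is not,
  #    so match every case variant. Show the open=/shellexecute= target.
  for f in "$root"/[Aa][Uu][Tt][Oo][Rr][Uu][Nn].[Ii][Nn][Ff]; do
    [ -f "$f" ] || continue
    printf 'AUTORUN %s\n' "$f"
    grep -iE '^(open|shellexecute|shell\\[^=]*\\command)=' "$f" | sed 's/^/    /'
    found=1
  done

  # 2. every regular file on the volume, whatever it is called:
  #    a randomly named ".tmp" that starts with "MZ" is still an executable.
  while IFS= read -r -d '' f; do
    if is_pe "$f"; then
      printf 'PE %s\n' "$f"
      found=1
    fi
  done < <(find "$root" -type f -print0 | sort -z)

  return $found
}

# make_sample_volume -> creates a CONSTRUCTED fake photo-frame filesystem and
# prints its path: one real-looking JPEG, one PE hidden under a random name,
# an autorun.inf pointing at it, and an innocent text file.
make_sample_volume() {
  local d
  d=$(mktemp -d)
  mkdir -p "$d/DCIM"
  printf '\377\330\377\340 fake jpeg body' > "$d/DCIM/DSC_0001.JPG"
  printf 'MZ\220\000 fake PE body'        > "$d/DCIM/x7q2k.tmp"
  printf '[autorun]\r\nopen=DCIM\\x7q2k.tmp\r\n' > "$d/AUTORUN.INF"
  printf 'holiday photos\n'              > "$d/readme.txt"
  echo "$d"
}

# Demonstration on the constructed sample.
vol=$(make_sample_volume)
echo "Triaging constructed sample volume at $vol"
if triage_volume "$vol"; then
  echo "clean"
else
  echo "DO NOT plug this into a Windows PC until the files above are understood"
fi
rm -rf "$vol"
```

On a real frame, a clean result from this script only means "no PE files and no autorun.inf"; it says nothing about the four older trojans the SANS researchers found unless they too are PE files, so treat it as a first filter, not a verdict.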
Things are likely to get worse before they get better: the malware authors are pumping out new code at a pace the anti-virus companies are having trouble keeping up with. According to Prevx, there are already 67,500 variants of the trojan discussed in the article. Right now it appears this trojan only steals passwords to some MMORPGs, but it’s thought to be a test run in preparation for something more insidious.