Chinese malware threat uses digital picture frames to hide.

Once it became clear that there was big money to be made in malware, it was only a matter of time before it started getting really sophisticated, and some of the worst of the worst are being developed in China:

Virus from China the gift that keeps on giving – sfgate.com

An insidious computer virus recently discovered on digital photo frames has been identified as a powerful new Trojan Horse from China that collects passwords for online games – and its designers might have larger targets in mind.

“It is a nasty worm that has a great deal of intelligence,” said Brian Grayek, who heads product development at Computer Associates, a security vendor that analyzed the Trojan Horse.

The virus, which Computer Associates calls Mocmex, recognizes and blocks antivirus protection from more than 100 security vendors, as well as the security and firewall built into Microsoft Windows. It downloads files from remote locations and hides files, which it names randomly, on any PC it infects, making itself very difficult to remove. It spreads by hiding itself on photo frames and any other portable storage device that happens to be plugged into an infected PC.

The authors of the new Trojan Horse are well-funded professionals whose malware has “specific designs to capture something and not leave traces,” Grayek said. “This would be a nuclear bomb” of malware.

In fact, quite a few people found themselves infected with this and several other trojans after plugging in digital picture frames they got for Christmas:

The initial reports of infected frames came from people who had bought them over the holidays from Sam’s Club and Best Buy. New reports involve frames sold at Target and Costco, according to SANS, a group of security researchers in Bethesda, Md., who began asking for accounts of infected devices on Christmas Day. So far the group has collected more than a dozen complaints from people across the country.

The new Trojan isn’t the only piece of malware involved. Deborah Hale of Sans said the researchers also found four other, older Trojans on each frame, which may serve as markers for botnets – networks of infected PCs that are remotely controlled by hackers.

There’s at least one part of this article that I’m sure will delight owners of Macs and Linux based PCs:

Deborah Hale at SANS suggested that PC users find friends with Macintosh or Linux machines and have them check for malware before plugging any device into a PC.

Let the gloating begin.

Things are likely to get worse before they get better, as the malware authors are pumping out new code faster than the anti-virus companies can keep up with it. According to Prevx there are already 67,500 variants of the trojan discussed in the article. Right now it appears this trojan only steals passwords to some MMORPGs, but it’s thought to be a test run in preparation for something more insidious.
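The two concrete things the quoted article gives a defender to work with are the infection path (the trojan hides randomly named files on any portable storage plugged into an infected PC) and SANS’s advice to inspect a device from a Mac or Linux machine before it ever touches a Windows box. The script below is an added example, not code from the article, Computer Associates or SANS: it reads a mounted volume and flags anything a picture frame has no business containing, namely files with a Windows executable header whatever they are named, files whose contents are not an image, and an autorun.inf at the volume root. The sample volume it builds, the finding labels, and the autorun.inf check are assumptions of the example (the article does not say how the frame gets its payload to run); it does not identify Mocmex specifically, it only shows what a content-based check from a non-Windows host looks like.

```python
"""Triage a mounted picture frame or USB volume from a Linux or Mac host
before it is plugged into a Windows PC.  A frame should hold nothing but
image files, so anything with a Windows executable header (whatever its
name), any file whose contents are not an image, or an autorun.inf at the
volume root is flagged for a closer look.  Files are only read, never run."""
import os
import shutil
import tempfile
from pathlib import Path
from typing import List, Optional, Tuple

# Leading bytes of the image formats a frame is expected to contain.
IMAGE_MAGIC = {
    b"\xff\xd8\xff": ".jpg",
    b"\x89PNG\r\n\x1a\n": ".png",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
    b"BM": ".bmp",
}
PE_MAGIC = b"MZ"  # DOS stub that starts every Windows .exe/.dll/.scr


def sniff_image(head: bytes) -> Optional[str]:
    """Return the extension implied by the file header, or None if not an image."""
    for magic, ext in IMAGE_MAGIC.items():
        if head.startswith(magic):
            return ext
    return None


def triage_volume(root) -> List[Tuple[str, str]]:
    """Walk the mounted volume and return sorted (relative path, finding) pairs.
    Clean image files produce no entry."""
    root = Path(root)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if path.is_symlink():
                continue  # never follow links off the device
            rel = path.relative_to(root).as_posix()
            with open(path, "rb") as fh:
                head = fh.read(16)
            # Assumption: the article does not say how the frame gets code to run;
            # a root autorun.inf is the usual trigger to check for on removable media.
            if rel.lower() == "autorun.inf":
                findings.append((rel, "autorun_inf_at_root"))
            elif head.startswith(PE_MAGIC):
                findings.append((rel, "windows_executable"))  # the name is irrelevant
            else:
                implied = sniff_image(head)
                actual = path.suffix.lower()
                actual = ".jpg" if actual == ".jpeg" else actual
                if implied is None:
                    findings.append((rel, "not_an_image"))
                elif implied != actual:
                    findings.append((rel, "extension_mismatch"))
    return sorted(findings)


def build_sample_volume() -> str:
    """Create a constructed sample volume in a temp directory.  The 'executables'
    are just an MZ header followed by zero bytes: inert stubs, not real malware."""
    root = Path(tempfile.mkdtemp(prefix="frame_"))
    (root / "DCIM").mkdir()
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 28
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 24
    fake_pe = b"MZ\x90\x00" + b"\x00" * 28
    (root / "DCIM" / "IMG_0001.jpg").write_bytes(jpeg)
    (root / "DCIM" / "IMG_0002.jpeg").write_bytes(jpeg)
    (root / "DCIM" / "logo.png").write_bytes(png)
    (root / "DCIM" / "IMG_0003.jpg").write_bytes(fake_pe)  # PE hiding behind an image name
    (root / "DCIM" / "holiday.jpg").write_bytes(png)       # PNG with a .jpg name: odd, not dangerous
    (root / "xk29dq.exe").write_bytes(fake_pe)             # randomly named, as the article describes
    (root / "autorun.inf").write_text("[autorun]\n; constructed sample\n")
    return str(root)


if __name__ == "__main__":
    volume = build_sample_volume()
    try:
        for rel, finding in triage_volume(volume):
            print(f"{finding:22} {rel}")
    finally:
        shutil.rmtree(volume)
```

On a real device, mount it read-only and without execute permission first (on Linux, `mount -o ro,noexec`), point `triage_volume` at the mount point, and treat any `windows_executable` or `autorun_inf_at_root` hit as a reason not to plug the frame into a Windows PC at all. The check keys on file contents rather than names precisely because the article says the trojan names its files randomly.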

16 thoughts on “Chinese malware threat uses digital picture frames to hide.”

  1. Deborah Hale at SANS suggested that PC users find friends with Macintosh or Linux machines and have them check for malware before plugging any device into a PC.

    LOL!!! Damn right this delights me!!! That just made my day.

    Let the gloating begin.

    I was going to bust into a tirade about how much better Linux is over M$. But instead I offer you my Linux Boot CD to fix your M$ woes. LOL

    On a more serious note this virus is pretty scary. Which is why we should stop jailing these hackers and instead pay them damn good money to help us protect ourselves from the other hackers.

  2. Do they not send a bill to the family of the executed criminal in China for the bullet used to execute said criminal? I just hope they also charge for the postage.

  3. I think this might be what I had – my computer only worked after removing my flash drive, my virus checker only noticed it after an update, and there were a total of 5 items (so had the markers).

    I’m OK now, at least I think.

  4. Perhaps I’m being naive, but isn’t there such a thing as corporate accountability here, starting with Target and Costco, and extending to the manufacturers of the digital picture frames?  Shouldn’t they be liable for any costs accrued in getting rid of this malware?

    And isn’t this at the same time a business opportunity for companies who offer guaranteed non-infected frames?  Just curious.

  5. It would be tough to guarantee non-infected frames.  You’re a buyer for, let’s say Target, and you get a promise from your supplier in China to send only non-infected frames.  You check the samples; they’re clean.  You pay to have them spot-checked – is the checking process reliable?  Then customers get a trojan and blame the frame (calling their lawyer of course).  And for all your trouble, you’re getting sued and you’re stuck with a zillion frames that are a dollar more expensive than the ones at Wal-Mart so nobody’s buying them.  So you mark them down to a loss to get rid of them.

  6. As a Mac user, I would gloat…. if I knew what these “viruses” and “malware” you speak of were.

    OK, I have a question for the Linux and Mac users that have commented. Do those systems actually offer any real protection against viruses (any more than a well protected PC with say…Norton AV), or is there just not enough care in the hacker world to bother writing malware for OS’s that have so few users as of yet?

  7. I have a question for the Linux and Mac users that have commented. Do those systems actually offer any real protection against viruses (any more than a well protected PC with say…Norton AV), or is there just not enough care in the hacker world to bother writing malware for OS’s that have so few users as of yet?

    Yes, a Unix-type operating system does offer better protection against many forms of malware. I’m not attempting to explain it here, but the short version is the OS is better designed, esp. when it comes to security.

    And yes, a Windows system properly set up and with the right tools can be very secure. I use Windows too and have NO fear of any malware or virus of any kind. I study stuff like that for amusement’s sake. But most common users can not do that.

    And btw Norton AV is a piece of crap and I would almost consider it malware. I certainly advise you to get rid of that.

    And for hackers not caring, you obviously don’t understand hackers. ANYONE that wrote a successful Linux virus that actually spread in the wild (with superuser rights… otherwise it’s a pathetic, not truly destructive virus) would immediately be elevated to hacker godhood. Hackers care, academia cares, computer security specialists care, and yet aside from a few rather pathetic POC viruses no successful Linux virus has ever been created.

    And for the record Linux has many users; you HAVE to count web servers, duh. A virus or malware spread thru Google would be a black hat hacker’s wet dream.

    Does Linux have some security flaws that may be exploited? Certainly. It has in the past. But these are fixed really quickly. No complex program is bug free.

  8. OK, I have a question for the Linux and Mac users that have commented. Do those systems actually offer any real protection against viruses (any more than a well protected PC with say…Norton AV), or is there just not enough care in the hacker world to bother writing malware for OS’s that have so few users as of yet?

    Good question. I’m a photographer, so I don’t know the answer. I just know that I’ve been on a Mac almost exclusively for about 18 years and I’ve had one virus. I don’t remember its name, but it was spread through service bureaus back when we moved everything around on ZIP disks.

    I may not understand the mind of the hacker, but it seems like there would be at least a couple kids out there with a lot of time on their hands that would take the time to very easily dispel the Mac OS and Linux virus security rumors. If it’s just as easy as it seems to be in Windows, then wouldn’t they do it just to prove a point?

  9. Zilch, DOF,

    That’s the point – if capitalism wasn’t so goddamn competitive, and the Chinese so uncaring of mid- and long-term damage to their reputation (“Ah, we’ll just open another company if this one gets a bad rep!”) then this would be a disincentive.

    As it is, the makers in China (even if they ain’t in on it) don’t have enough incentive to prevent such things from happening. They are chugging out cheap mass products – you don’t buy picture frames for their brand name (which would then have to be protected from such a shame as being infected with a virus).

    I keep telling people that buying shoddy, cheap stuff (whether food or a stereo) hurts more than it helps (by saving money) in the long run. I can understand why people who haven’t got much cash do it, but for somebody who can afford the 10-30% more that is all it takes to jump from “works now, MAY work tomorrow” to “works like a charm for years”, it all seems a bit like stupidity (not to speak of digging the grave of the manufacturing industry of your own country). Buying cheap only speeds up the downward spiral in pretty much everything (quality, wages, job security, ecological production, legality).

    Sorry for the rant – the matter is a bit of a prickly point with me. Doesn’t help that the usual response I get when trying to explain this to people is “You have too much money!”

  10. Ingolfson- Amen to that.  To “don’t buy cheap” I would add “don’t buy crap you don’t really need”.

  11. This is my “rule of ice cream” that I try but forget to live by.  It is that one should only eat ice cream that one really, really likes.  Pass the cheap stuff by.

    Still working on that one.

  12. OK, I have a question for the Linux and Mac users that have commented. Do those systems actually offer any real protection against viruses (any more than a well protected PC with say…Norton AV), or is there just not enough care in the hacker world to bother writing malware for OS’s that have so few users as of yet?

    First get rid of Norton…

    Others have done a good job of answering this one. Many Windows users will tell you it’s because everyone is using Windows, so more destruction this way because of numbers. But I agree with Starhawk Laughingsun on this one: godhood is certainly coming to any hacker that takes out Google, so sheer numbers don’t explain it.

    I think it’s really because the Linux filesystem is more secure as is the kernel. And it will always be this way as long as M$ is closed source. With closed source systems you have only the power of the number of programmers you can hire. With open source you have the power of anyone in the world that feels like helping out an open source project.

    Here’s a good link on Linux Filesystem Explained… In Windows you have different partitions that get a different drive letter under “My Computer”. In Linux you have a hierarchical structure for everything. So you have “/” which is referred to as “root” and then you can map certain folders to any partitions. This is nice because in Linux it’s really easy to map your home directory to a different partition. Which means you can kill your install as many times as you like without losing your desktop, user account settings, or even shell command history.

    Here’s the thing that gets me about the Linux kernel though. There is soooooo much information on the web about it and there are plenty of guides for manipulating it, but yet there are still very few security risks, viruses, malware, and other crap. Whereas with Windows, the architecture is very closed off and finding information on manipulating the Windows kernel is more tricky. Plus I think it’s illegal to recompile the Windows kernel (even if you could) for your system.

    Anyways, below are some good links on Linux and understanding it. The wiki article is probably one of the best.

    Wikipedia has a good article

    IBM’s take… not so much Barny-speak, but pretty good explanation.

    Open Source Linux Kernel Book
