×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Digital Picture Frames Infected by Trojan Viruses

Zonk posted more than 6 years ago | from the watch-where-you're-buying-things-from dept.

Security 174

CR0WTR0B0T writes "The San Francisco Chronicle is running a story on viruses loaded into digital picture frames, similar to the ones we discussed at the end of last year. The difference is in the virus used: 'The authors of the new Trojan Horse are well-funded professionals whose malware has 'specific designs to capture something and not leave traces ... This would be a nuclear bomb of malware.' Apparently, a number of regular folks have hooked them up to their home computer and loaded the virus. And if you think you're too smart to be fooled, apparently the Anti-Virus software makers have not caught up to the threat quite yet."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

174 comments

For more information (-1, Troll)

Anonymous Coward | more than 6 years ago | (#22444500)

There's an interesting article [nimp.org] on the blog.

MOD PARENT DOWN: Shock site (4, Informative)

CRCulver (715279) | more than 6 years ago | (#22444504)

The parent post links to GNAA's admirable "Last Measure" shock site.

WARNING: GNAA (1, Troll)

SirBudgington (1232290) | more than 6 years ago | (#22444506)

Don't click the link, it's a malicious site.

Re:WARNING: GNAA (1)

MrKaos (858439) | more than 6 years ago | (#22444604)

Don't click the link, it's a malicious site.
Lucky I wasn't browsing as root, I could have been in *real* trouble.

Well... (4, Insightful)

ledow (319597) | more than 6 years ago | (#22444526)

- Run an OS that does not automatically try to mount devices, without user interaction.
- Run an OS that does not execute programs on devices once mounted, without user interaction but preferably not at all. (Autorun, I'm looking at you)

Although what doesn't seem to mentioned specifically is if the viruses are contained on the memory of the frames themselves (i.e. just like any other removeable drive) or whether they are on some sort of driver/bundle CD. It does seem to hint that it means the device itself, which begs the question how is it getting executed? Is there a setup.exe that autoruns like on certain brands of USB drive (DUMB IDEA OF THE CENTURY)? Are there infected data files like JPEG's that just so happen to allow execution of their code on certain OS's? Is there an actual executable that isn't supposed to be on there at all that autoruns or waits for the user to double-click it?

Either way, it's hardly a brilliant way to spread and only a dozen or so people seem to have been affected out of whichever country it's talking about (presumably the US). That sounds more like they had the virus already and it made its way onto their digital photo frames when they first connected them. Yes, it's a worry that malicious code could make its way onto a consumer device at the factory, but more at fault here are the OS and the user practices - we had all this back in the 80's/90's... don't take floppies off people you don't trust without scanning them first. Have we seriously come full-circle to the same dumb, preventable "problem"?

Re:Well... (5, Insightful)

Anonymous Coward | more than 6 years ago | (#22444696)

- Run an OS that does not automatically try to mount devices, without user interaction.

And this would help HOW? Maybe it'd allow certain wiseguys to point at and blame the user for mounting the volumne in question - but ordinary users who just want to put pictures on their frame would *have* to mount it it, and it doesn't matter whether you have to click or whether it happens automatically. In fact, given that you'll likely only ever plug in the frame when you actually do want to access it, automounting seems like a good idea that does save you work in this case.

Automatically running code without the user asking for it is another issue, of course - that is a colossally stupid idea indeed, yes.

Re:Well... (5, Informative)

Anonymous Coward | more than 6 years ago | (#22444780)

The picture itself in not a virus, rather it becomes one when the malformed image causes some type of overflow /exploit to the program that renders that picture
, so not having something run auomatioally doesn't really matter, when you do open the picture it Runs by exploiting a flaw in the program that renders it. whether it starts automatically or not is of less relevance.

This fact isn't being made very clear in this forum or the document.
  Pictures are not viruses they ar caused to become one on very specific software that render them .
EX: The same image when viewed or if even viewable on different rendering software will have no effect .

Re:Well... (4, Insightful)

CR0WTR0B0T (944711) | more than 6 years ago | (#22444786)

The article is saying that these were found to be infected at the point of purchase. These picture frames are designed to be user friendly and will hook up via USB cable and scan your PC for your digital media. They have software loaded on them to play pictures, AVI, and for some odd reason MP3s. The real issue here is the Ma and Pa who bought their new PC at BestBuy to look at pictures of their grandkids and surf the web are at risk. Even the PC already loaded with anti-virus software isn't protected. As soon as they hook up the frame to start downloading the pictures, the virus is activated. Good thing is this round steals someone's online gaming passwords (WOW?), which likely won't affect many since hardcore gamers aren't likely to use digital picture frames. Next round could be mining for TurboTax information or passwords to play Global Thermonuclear War with WOPR [wikipedia.org].

Re:Well... (2, Insightful)

DrSkwid (118965) | more than 6 years ago | (#22444900)

> hardcore gamers aren't likely to use digital picture frames

you plucked this assertion out of your ass

Re:Well... (2, Insightful)

John3 (85454) | more than 6 years ago | (#22445460)

> hardcore gamers aren't likely to use digital picture frames

you plucked this assertion out of your ass
Since there are somewhere over 8 million WoW players (as an example) then I'd have to agree with your comment about the source of the assertion. Many, many of the WoW gamers I chat with online have difficulty upgrading video drivers and managing their PC. If they want to proudly display their WoW toons to their friends of course they will buy a digital picture frame at Best Buy.

Re:Well... (1)

Jerry Beasters (783525) | more than 6 years ago | (#22446282)

How exactly is this NOT true? The only people who buy these in the first place are generally computer idiots. All you need to do is live in reality to see this. There's not fucking facts or figures needed.

They could infect the driver (1)

emj (15659) | more than 6 years ago | (#22444848)

You can try to prevent all the attack vectors, but it has nothing to do with "the OS" or "the user", but it's more todays design of security. You can't guard yourself against malware in anyway, the only way to make it harder is not using a computer like normal people do, not allowing the normal vectors to be exploitable.

But if everyone used the computer this way, the attackers would just adapt.

The problem is homogenity, there is no one solution.

Re:Well... (0)

Anonymous Coward | more than 6 years ago | (#22445280)

- Run an OS that does not automatically try to mount devices, without user interaction.

Most people dont like running Slackware Linux or BSD or BeOS.

Ubuntu - automatically mounts USB memory devices.
OSX - automatically mounts USB memory devices.
Fedora, redhat, debian, etc....

because most users are incredibly stupid so the operating systems out there make it easy for the stupid people by auto mounting the memory devices.

I think making it hard for the stupid people to use a computer would solve most of these virus problems.

oblig. (2, Insightful)

Xogede (1064902) | more than 6 years ago | (#22445426)

- Run an OS that does not automatically try to mount devices, without user interaction.
- Run an OS that does not execute programs on devices once mounted, without user interaction but preferably not at all. (Autorun, I'm looking at you)
Windows Server 2003?

Re:Well... (2, Insightful)

rah1420 (234198) | more than 6 years ago | (#22445474)

How about 'don't log in as administrator?' Another helpful tip to prevent issues. I wonder if this virus would be able to infect a PC if a "lowly" user plugged in the USB?

Re:Well... (1)

gad_zuki! (70830) | more than 6 years ago | (#22445962)

>Is there a setup.exe that autoruns like on certain brands of USB drive (DUMB IDEA OF THE CENTURY)?

Is this true? windows autoruns on CDs and fixed disks. You need to go out of your way to enable autorun on a usb drive. The drive needs to support auto-assist notification. These usb drives dont. Ive handled many a digital frame and have not seen them do anything like this. I know this is slashdot which is the source for MS FUD, but does anyone have some proof that these infected frames actually do run code on insertaion. Or are we just going to accept being another source of FUD on the internet?

its actually common to see trojans or viruses on a consumer product. Its happened on mp3 players quite a few times. Most likely what is happening is that the machine they are using to copy the drives was actually infected. That doesnt mean you also can get infected via insertion.

Re:Well... (2, Interesting)

gallwapa (909389) | more than 6 years ago | (#22446156)

Autorun functions on most (any?) usb device with autorun.inf. You don't have to enable it.
Run procmon when you plug in a usb storage device, watch and see.

Re:Well... (1)

ledow (319597) | more than 6 years ago | (#22446300)

Er... well... I've personally come across several brands of USB drive that automatically ran programs on stock Windows installs from manufacturers (maybe Dell or somebody turned the options on, I don't know, the point it is shouldn't even be an option). If I remember, you can even specify "actions" for USB drives to present in the "what do you want to do" dialog that appears when you pop it into a slot, quite easily. Usually USB drives have a setup.exe for encryption etc. but a lot of them are also bootable disks with a boot partition, or have a hidden partition to run setup programs from. I'm not saying that you're not right, that's it not the default, but I've seen it happen on "new" machines.

Additionally, I was only positing a theory... the fact is that to catch a "virus" you have to execute it. This means either these users double-clicked an unknown executable (not inconceivable for stupid people) or it somehow executed itself on insertion. Maybe they were pre-SP2 installs of XP, I don't know.

Where is the question ... (3, Interesting)

moseman (190361) | more than 6 years ago | (#22444532)

Where these virii are being placed on the devices is the big question. It must be someone who has access to the code or software installation process. Look at the manufacturer.

Oh, and run a *nix-based desktop.

Re:Where is the question ... (0, Informative)

Anonymous Coward | more than 6 years ago | (#22444660)

-noun, plural -ruses. virii is not a word, and you are an idiot

It is not "professional", but gov. (2, Insightful)

WindBourne (631190) | more than 6 years ago | (#22445714)

The thing is that China is doing to the world, what America did to USSR (and still doing to the world); putting hidden viruses and back doors in our products. Who should be blamed for it? American companies who are building their products in China. After all, you can blame the individual who is working to help their father or mother land.

Re:It is not "professional", but gov. (1)

ColdWetDog (752185) | more than 6 years ago | (#22446206)

Well,if "China" thinks they're going to make great strides reducing the strategic preparedness of the United States by getting game passwords and what not from low-end consumer grade electronic junk, more power to 'em.

Keep up the good work, gentleman. Let me know when you get somewhere.

Nuclear bomb of malware? (3, Insightful)

clarkkent09 (1104833) | more than 6 years ago | (#22444540)

How many people does the author think use those silly picture frames?

Re:Nuclear bomb of malware? (2, Funny)

mrxak (727974) | more than 6 years ago | (#22444560)

I saw a huge stack of these things in Best Buy a few weeks ago near the registers. The people in front of me were talking about getting one, but then they pretty much decided they were worthless. I have to admit I largely agree, but then again I don't own any picture frames digital or otherwise.

Re:Nuclear bomb of malware? (3, Informative)

CR0WTR0B0T (944711) | more than 6 years ago | (#22444854)

There were 1.7 million sold in the United States in 2006 [gizmag.com]. These are bought by people that just want to show some pictures they took with their digital camera without having to dedicate a computer to the job. Black Friday was loaded with ads for picture frames for around $70. Given the price point, it was an attractive Christmas gift to give to anyone who may not be computer savvy. PC Magazine is predicting [pcmag.com] that these digital frames will become smarter to give non-computer users more capability like Video streams and tablet PC functionality. The virus problem could become much larger as we get more and more devices that are preloaded with "easy to use" software.

Re:Nuclear bomb of malware? (1)

Guinness2702 (840158) | more than 6 years ago | (#22444870)

It's the sort of thing that my mum would use. My parents have had a digital camera for ages, but when it comes time to get them off the camera, guess who they call. As far as I know, they hardly ever look at or display their pictures 'cus it would involve huddling around a PC, which they barely know how to use (or want to). I always though that digital picture frames would be good for them and people like them.

I could say more, but my parents have just got back from Antigua, and I have some photos to burn!

Re:Nuclear bomb of malware? (1)

Tony Hoyle (11698) | more than 6 years ago | (#22445000)

Can't see it - digital picture frame: £130 ($260) [amazon.co.uk] (btw. that's cheap - the ones in stores are double that.. I saw one for over £500 just the other day).
Normal picture frame: £5 ($10) [amazon.co.uk]

Cost of devloping photo from a camera? About £2.50 a memory stick in lots of stores. You can do it at the same place you buy a cheap frame from.

In addition the 'digital' frame uses power, can fail (especially if it gets dropped), is only viewable from certain angles, etc.

There's a reason you rarely see them in stores except novelty shops and amazon. They're the classic example of a solution begging for an actual problem.

Re:Nuclear bomb of malware? (1)

SkyDude (919251) | more than 6 years ago | (#22445056)

There's a reason you rarely see them in stores except novelty shops and amazon. They're the classic example of a solution begging for an actual problem.

Could be but I like to think they are purchased by gadget lovers who probably gave birth to current Slashdot readers........

Re:Nuclear bomb of malware? (1)

ColdWetDog (752185) | more than 6 years ago | (#22446246)

Could be but I like to think they are purchased by gadget lovers who probably gave birth to current Slashdot readers........

Hey, I resemble that remark. I actually bought a couple for Christmas gifts. They were quite well received - folks that have digital cameras (or have family that have digital cameras) that want something quick and easy to view pics with. They work admirably.

The quality isn't all that good, the ones I got where 13" 1024 x 768 with a early generation TFT. With some fiddling with Photoshop I was able to get some nice results but that requires an understanding of the limitations of said device. Just sticking $random_picture in the machine gives only fair results. But that's what people want and expect - they aren't viewing National Geographic on these things.

I still have one squirrled away. I'll have to pull it out and see if it does something silly.

Re:Nuclear bomb of malware? (2, Insightful)

M-RES (653754) | more than 6 years ago | (#22445076)

The problem is : you develop all your photos. You put them in an album perhaps. You most likely then put that album on a shelf where you promptly forget about it. You never look through those pictures again. Digital picture frame solution : display all your photos on a rotational basis so you see different pictures all the time - even those you'd forgotten about, bringing back memories of the event/place/people. It makes taking all those pictures in the first place have a point... for a lot of people. I don't have one myself as I use a screensaver on the machine hooked up to the TV to do the same thing, so I don't necessarily need one, but many people can see the benefit. And for those people (probably less tech-savvy than an original luddite) the autorun idea means it's one less thing to do (when they don't even know what all that 'install' and 'driver' nonsense really means/does anyway). You have to remember, most people FEAR their computer - it's alien to them, and they refuse to attempt anything until someone's shown them how to do it first. It's sad, but it's true.

Re:Nuclear bomb of malware? (0)

Anonymous Coward | more than 6 years ago | (#22445124)

Uh, I can think of at least one shop near me that sells "Sumvision" (dirt-cheap Chinese distributor's brand) photo frames (5" or so) for around UK £50, and that's including 17.5% VAT (sales tax).

Personally, I think the borders are oversized, the picture resolution is pretty poor, and I have other reasons for not liking them (not least because I think having a fugly glowing photo frame that needs constant powering and takes up a wall socket is more hassle than it's worth). But they're available, and they're cheap.

Re:Nuclear bomb of malware? (1)

totally bogus dude (1040246) | more than 6 years ago | (#22445126)

I got one for my parents, and they like it (they've had digital cameras for ages). You're right in that they're very expensive which is why I chose it as a gift: they're a nice thing to have, but hard to justify spending your own money on.

Almost your entire argument is that they're worthless because they're expensive. New tech is always expensive. When they become more affordable I think they'll grow in popularity a lot. The viewing angle is pretty good on the one I got, and LCDs are always improving.

The main benefit is convenience. Take photos, put the memory card in the frame, and you're instantly viewing them. No need to go to a store to get them developed. Also they can show lots (as in, lots) of different photos so there's always something different to look at which is something a regular frame can't do, and also means you have a use for those "less than perfect" photos which you wouldn't want developed as actual prints.

Now personally I wouldn't have any use for one, but I wouldn't have any use for a regular photo frame, either.

Re:Nuclear bomb of malware? (1)

Peet42 (904274) | more than 6 years ago | (#22445170)

Can't see it - digital picture frame: £130 ($260) (btw. that's cheap - the ones in stores are double that.. I saw one for over £500 just the other day).


£62 from Saverstore: http://www.saverstore.com/productinfo/Product.aspx?product_id=20016610&rstrat=1 [saverstore.com]

Of course, all these backlit LCD devices are, at best, less than optimal. But when cheap colour e-Paper comes out, these'll be the forst "killer application". As long as the viruses haven't wiped out all technology first... :-/

Re:Nuclear bomb of malware? (3, Interesting)

Atraxen (790188) | more than 6 years ago | (#22445420)

Here's a real-world example of why it might be 'useful'. Dental hygienists often work part time for a single dentist (full-time over multiple offices) and their patient room is used by someone else when they're not there. So, they usually take their pictures/diplomas off the wall when they leave for the last day of the week, and the other person puts theirs up. Also, consider that many of these patients have been going to the same dentist for >20 years - they know the employees, and want to see the new pictures. That frame allows a few hundred pictures to be in the same spot, and come down easily at the end of your mini-week.

At least, my mom thinks so. In the end, that's the key thing to remember about specialized technology - there is/should always be a niche it fills, and it's most profitable when niche > 1. Nearly nothing is too esoteric to be useful to someone - ask me to show you some of the glassware in my chem lab!

Re:Nuclear bomb of malware? (1)

Guinness2702 (840158) | more than 6 years ago | (#22445778)

Can't see it - digital picture frame: £130 ($260) [amazon.co.uk] (btw. that's cheap - the ones in stores are double that.. I saw one for over £500 just the other day).
You're shopping in the wrong places (£55) [dabs.com] then, because they are definitely cheaper than that elsewhere. Even this lot (£40) [pcworld.co.uk] can do better!

Actually, on closer inspection, you didn't even search amazon properly (£42.50 +) [amazon.co.uk]

It's true that you can get prints for a good price, but I disagree that they are entirely worthless.

Re:Nuclear bomb of malware? (1)

aurispector (530273) | more than 6 years ago | (#22445518)

Dunno, but I do and think they are great. I started out by using my laptop screensaver to display my digital photos and kept staring at the pics going "Awwwww". Basically every digital pic goes on it. Frankly it keeps me in touch with the fun times so last year's vacation in Edinburgh doesn't already seem like a distant memory.

Take one to work and place it where you can see it. It actually surprised me how much I love it.

Put the pieces together (5, Insightful)

DNS-and-BIND (461968) | more than 6 years ago | (#22444552)

1. The authors of the new Trojan Horse are well-funded professionals whose malware has "specific designs to capture something and not leave traces,"

2. Computer Associates has traced the Trojan to a specific group in China

3. It spreads by USB drives

4. "It is a nasty worm that has a great deal of intelligence,"

Follow the money. My money's on an espionage tool from the Chinese government or its affiliated corporations. Let the flaming begin...I said "China" and "espionage" in the same sentence, I'm sure folks out there would like to lynch me just for even suggesting that there is such a laughable concept as espionage, or bash me for so-called China-bashing (which includes any criticism of China except those for human rights, that's OK).

Re:Put the pieces together (4, Interesting)

sinai (989310) | more than 6 years ago | (#22444830)

Since we're all for China bashing, have a look at the U.S. - China Economic and Security Review Commission's 2007 report [uscc.gov] to congress, which states, "Chinese espionage activities in the United States are so extensive that they comprise the single greatest risk to the security of American technologies". Add to that the MI5's recent warning [timesonline.co.uk] that big EU firms were being targetted for web-based espionage, and the lynch mob might have to drop their pitchforks and go think this thing over. I might sound a little redundant because I've made mention of this before, but as an information assurance tech working in the field (Operation Iraqi Freedom to be exact), the whole bash-the-China-basher thing resonates. Make no mistake about it--China is using the web to actively target the US military-industrial complex, as well as key commercial and civil interests. There are numerous statements from the Pentagon which allude to this, although the often classified nature of threat-specific information demands ambiguity. Lots (and I mean lots) of recent activity might change that though.

Re:Put the pieces together (0)

Anonymous Coward | more than 6 years ago | (#22445218)

Touchy much?

Re:Put the pieces together (0)

Anonymous Coward | more than 6 years ago | (#22446210)

That's RED China, you politically correct sensitive clod!

Easy Solution (1, Funny)

BlueStrat (756137) | more than 6 years ago | (#22444562)

Just make sure nobody cares about or likes you enough to ever send you something so sappy.

And before anyone says it, yes, yes, I'm in no danger...right. :P

Cheers!

Strat

Be Safe: Roll Your Own DPF (5, Informative)

wehe (135130) | more than 6 years ago | (#22444576)

Do you want to be on the safe side and have some fun, too? Just make your custom DPF and install Linux on it. Here are some DIY instructions to make a digital picture frame from an old laptop or notebook [repair4laptop.org]. And here is a survey of Linux used on selfmade digital photo frames [tuxmobil.org]

Re:Be Safe: Roll Your Own DPF (1, Funny)

Anonymous Coward | more than 6 years ago | (#22445422)

Yeah! Ain't nothin' like using 60-75 Watts to power a digital picture frame!

Re:Be Safe: Roll Your Own DPF (0)

Anonymous Coward | more than 6 years ago | (#22445758)

Great find! I'll be sure to pass along those instructions to my grandmother.

ALERT: People at SANS, incoming CHAIRS! (4, Insightful)

SmallFurryCreature (593017) | more than 6 years ago | (#22444578)

Deborah Hale at SANS suggested that PC users find friends with Macintosh or Linux machines and have them check for malware before plugging any device into a PC.

Oh boy, you gotta love that bit. Amusing as the suggestion that Mac's and Linux "machines" are not PC's may be, do you realize just how damning of MS software this is? SANS, a security organisations basically says that if you don't trust a piece of hardware, then it is okay to plug it into a mac or linux machine, to test wether it is safe to plug it into a windows pc.

Is this like those warnings on tv, kids do not try this, if you want to do this experiment, get an adult to help you. Kids do not use windows blindly, if you do wish to add a new device, get someone with a real OS to help you out.

Oh well, to all the windows using women out there, remember, the standard rate for getting a guy to help you out is ONE blowjob. Please form an orderly cue.

Re:ALERT: People at SANS, incoming CHAIRS! (1)

theguyfromsaturn (802938) | more than 6 years ago | (#22444844)

On the other hand she is implying that people may have friends running Linux. Considering that the Linux using croud is still composed mostly of geeks, and that geeks being dorks and all don't really have friends, she could have limited the options to finding someone with a Mac.

(Disclaimer: I'm a Linux user and I have no friends.... Will you be my friend?)

Re:ALERT: People at SANS, incoming CHAIRS! (0)

Anonymous Coward | more than 6 years ago | (#22444920)

I didn't know Windows used women. I thought they loved and respected them.
OH! You probably meant "windows-using women", not "windows using women"; just like you probably meant "queue", not "cue", since you were discussing standing in line, not theatre or moviemaking, or shooting pool. Must be those thoughts of finally getting sex by utilizing your vast computer knowledge that numbed your mind. Now you have two parts of your anatomy that are numb.

Re:ALERT: People at SANS, incoming CHAIRS! (2, Funny)

the_humeister (922869) | more than 6 years ago | (#22445654)

Oh well, to all the windows using women out there, remember, the standard rate for getting a guy to help you out is ONE blowjob. Please form an orderly cue.

Do those sores on your mouth mean anything? No? Carry on then...

The chicken or the egg (3, Interesting)

Joebert (946227) | more than 6 years ago | (#22444580)

Updated antivirus software works unless the malware writers get ahead of the antivirus vendors,

Malware writers are always ahead of antivirus writers. Antivirus was invented in response to malware & antivirus updates are dependant on new types of malware.

Re:The chicken or the egg (0)

Anonymous Coward | more than 6 years ago | (#22444862)

Antivirus [...] dependant on new types of malware.

Conclusion will be drawn in 3... 2... 1...

Re:The chicken or the egg (1)

totally bogus dude (1040246) | more than 6 years ago | (#22445432)

OH MY GOD. You mean NORTON isn't just PROTECTING me from the viruses, but they're CREATING them?

I see a joint venture between Symantec and Network Solutions in the near future. In fact, I can feel the converged business synergies fast-tracking NorSol to the top already. I'm getting in on the ground floor of this dynamic enterprise partnership!

Re:The chicken or the egg (0)

Anonymous Coward | more than 6 years ago | (#22445510)

A merger between Norton & Symantec would be a great idea. Instead of having to tell people "Use anything but Norton or Symantec" you can simplify it to "Use anything but NorSol". Much better!

Re:The chicken or the egg (0)

Anonymous Coward | more than 6 years ago | (#22446020)

hm yes but this is probably one of the few scenarios where AVS developers should be ahead of virus writers. simply put, the virus writer can't update his creation in already sold picture frames, the code has a tiny reality in which to operate making it easier to find, the virii can be investigated without infection by attaching to an OS That Is Not Windows (tm), and last but not least because it requires that a USB device be attached to a Windows machine the AVS has the chance to hijack the attachment before it occurs and determine if the jpg/mp3/wmv/etc is exploited before loading it (also its a single vector of infection so it isn't as complicated to discern its intended arrival).

i suspect this thing exploits gdi vulnerabilities, so if you have every single gdi dll on your machine patched, which no one does... you're boned. yes, MS released a patch for their own software, but not apps that they don't own. you have to specifically patch each of the gdi dlls yourself, and people have forgotten about this. there are ancient patching tools for doing this that some security experts created laying about the web which determine which gdi dlls are unpatched on the machine. why MS never got around to writing a mass patcher i do know. unless they did and i didn't notice it.

Three R's again!!! (4, Funny)

MrKaos (858439) | more than 6 years ago | (#22444586)

Well four now, since Vista was released,,

If you're attacked and your PC fails, you'll have to reformat and reload all of the programs.
and it triggers two of the 4 r's of Microsoft

reboot the machine

reload the applications *

reformat/reinstall the OS *

revert to the previous version

but it must be fun cause we do it over and over and over and over and over and over and over and over and over.

Re:Three R's again!!! (1)

TheLink (130905) | more than 6 years ago | (#22444994)

The usual:

Retry (it might work the second try)
Restart (the program)
Reboot (the O/S)
Reinstall (the program, and various versions)
Reformat
Reinstall (the O/S + application)
Reinstall (another O/S + application)
Retry (who knows...)
Resign
Resume (rhymes with cafe)
Resume (rhymes with consume)

Then there was: plug and pray and plug and pay and plug and pray and plug and play and plug and pray and plug and yay... finally it works :).

Words of Advice (2, Funny)

terom (1077107) | more than 6 years ago | (#22444598)

Deborah Hale at SANS suggested that PC users find friends with Macintosh or Linux machines and have them check for malware before plugging any device into a PC.

You really just got to wonder what they were .... (2, Insightful)

3seas (184403) | more than 6 years ago | (#22444610)

....thinking.

Don't virus writers have better thens to do?

Unless they are vested in anti-virus software, whats teh point other than just causing countless people problems.

Re:You really just got to wonder what they were .. (3, Insightful)

mlts (1038732) | more than 6 years ago | (#22444676)

It is a solid revenue stream. If malware succeeds in installing, there is profit to be made from identity theft, theft of CD keys from games, grabbing virtual assets like MMO accounts and selling them (or using the account for EULA-breaking items until the account is permanently banned), blackmail, extortion, botnet making, spam zombies, and many other nasty things

Virus writing is highly profitable, each second a piece of malware goes unstopped on a machine is a second that the machine can continue to spew spam, spy on an internal network, or be a part of a DDoS attack.

Professionals, you say? (1)

coolhaus (186994) | more than 6 years ago | (#22444746)

Professionals, you say? I wonder what it costs to hire them. Let's ask the Chinese government, shall we?

Goatse frames? (1)

ivoras (455934) | more than 6 years ago | (#22444792)

I can't be the only one who thought of this: what if a virus took over the frames just to display the well known image on them, for amusement value? :)

Network Virus Innoculation (2, Insightful)

Doc Ruby (173196) | more than 6 years ago | (#22444802)

Since there are now so many network devices in the wild without an admin user interface, and without even an admin user (except maybe some $5 an hour warranty phone tech support dweeb), the wild needs an easy way to innoculate entire network domains against viruses. We should learn from nature how to keep viruses under control. In 5-10 years, practically every human will have 1-100 infectable devices, many of them in the critical path for their convenience, work, and even human health, so we've got to get this under wraps with that deployment explosion on the horizon.

I should be able to subscribe to an antivirus site that distributes inoculation viruses, just like in nature. Install it on my home/office server, and it gets updates which attack my own hosts the same way as the enemy virus does in the wild. But its attack payload is removed, replaced with a payload that patches the infected host against the attack virus. The home server should also scan the network's devices for other signs that they're already infected, including emailing me with instructions how to inspect each device for UI signs that it's infected with the attack vir And periodic (daily/weekly/etc) reports of "health status". When it detects a host, like a networked picture frame, that seems to be already infected but can't be autopatched, it can recommend further manual steps if possible, including wiping the host's storage if that will work. Or just recommend unplugging and throwing away a doomed host, perhaps with a mail-in "thorough treatment" by the antivirus vendor experts, if there's a chance to recover data and the device. Or just throw away a hopeless device.

There's a lot of talk lately about "good worms" which would cruise the Net just like "bad worms", but patch instead of infect. Since "patch vs infect" is in the eye of the human operator, that unsupervised release into the wild can easily go wrong. But this kind of managed release in each LAN, rather than just over the entire WAN (Internet), leaves the "doctor virus" compartmentalized - don't let it route between LAN segments. And more importantly, it leaves the vendor and the home user who started it each responsible, and accountable, for using it right. If it's made extremely simple to operate, with the most minimal user intervention required, this kind of product could really improve security without a lot of hassle. And make antivirus vendors a new ton of money.

Re:Network Virus Innoculation (1)

ciggieposeur (715798) | more than 6 years ago | (#22444864)

Sounds nice until a malware author manages to make their real virus look like an "anti-virus virus" and it walks right through the anti-virus defense.

Re:Network Virus Innoculation (1)

Doc Ruby (173196) | more than 6 years ago | (#22445028)

For one, malware authors can already do that, regardless of whether the antivirus makers do this.

For another, that's the cat/mouse game they're already playing. So the antivirus I'm describing has to be able to protect from that attack, too. Again, regardless of whether the antivirus is deployed as I describe, or not.

The only change I make is that the software the user is already installing now will also cruise their network patching their own hosts without an admin UI or admin user (probably eventually all hosts, for the mass market, since their users won't be qualified to do any admin at all other than installing the antivirus, if it doesn't come bundled with their home server). So there's no actual change to the security protocol, except now the security SW can also do what the attackers can do. And users are paying some attention to the results, then escalating if something shows up (or something good fails to show up).

Re:Network Virus Innoculation (1)

dotancohen (1015143) | more than 6 years ago | (#22445546)

Sounds resource intensive.

Re:Network Virus Innoculation (1)

Doc Ruby (173196) | more than 6 years ago | (#22445734)

What is resource intensive?

Re:Network Virus Innoculation (1)

dotancohen (1015143) | more than 6 years ago | (#22445990)

What is resource intensive?
Having 'good' viruses propagating, looking to outsmart the 'bad' viruses, in addition to the anti-[virus||spyware||adware||rootkit||$otherMalware] running on the system. It would make more sense to me to scan files as they are [downloaded||copiedFromDisk], and a nightly system scan or five (when nobody is using the GUI).

Re:Network Virus Innoculation (1)

Doc Ruby (173196) | more than 6 years ago | (#22446108)

I'm talking about devices which don't run any antivirus systems, like the digital picture frames we're discussing in this story. And even the ones that do already run antivirus, if they get compromised by this system, then they need its augmentation. It's not the only way, exclusive of scanning content, but it is more comprehensive whether it's complementing onboard antivirus or compensating for its absence.

As for its resource intensity, that's required only from the separate LAN server that operates its updates and distribution. Compare that resource consumption with the effects on the LAN from viruses that manage to infect these devices. The external resources required are cheap, especially considering the benefit, and in fact are much cheaper than installing them on each host (especially small ones like digital picture frames), even if those hosts can accept them.

Computer, heal thyself. (1)

grumling (94709) | more than 6 years ago | (#22445954)

Doesn't nature dynamically develop cures? Sure, we have learned to manipulate our immune system through deactivated viruses and bacteria, but our bodies produce the antibodies in most cases. As and example, many people get a minor cold via the standard flu shot. They do this because their body is developing an antibody.

For your idea to work, we would need an OS capable of detecting and eliminating the bad stuff, something that biological systems still have a hard time with. For example, a body's solution to common cold control involves physical evacuation (messy, uses lots of resources), heat generation (useless against most invaders), and finally, creation of a new T-cell(?) to fight the invader. Now, if you're willing to have greatly reduced functionality of you shiny new PC for a few months while it develops anti-bodies, and devote a large amount of storage to all the anti-bodies, it would be a great way to keep PCs safe.

Re:Computer, heal thyself. (1)

Doc Ruby (173196) | more than 6 years ago | (#22446076)

Nature dynamically develops reactions to infection. The reactions that are "healing" are stabilized in a species by natural selection of those individuals that more often survive to reproduce, for which healing can be an advantage. But natural selection requires the ones that aren't as fit to survive to die off. That seems like a waste of computers, even if we accept it in nature.

For my idea to work, the treated devices don't need anything they don't have now. The point is that the healing viruses attack exactly like the viruses they patch against, so any old device that's vulnerable will get attacked and infected just like if the harmful virus were attacking, but the payload is a patch against exactly those attacks, not harm. It's a more sophisticated "inoculation" than immune systems in nature (as far as we've discovered so far), to compensate for the less sophisticated "immune" systems in our synthetic devices. In nature we just have to introduce a weakened virus, which existing immune systems can recognize without being overwhelmed, and then the natural immune system takes over by "patching itself" (creating a larger/quicker reserve of counteragents that won't be overwhelmed by a nonweakened virus if it arrives). Our synthetic devices often have no such immune system, nor the resources to host one (like digital picture frames, and even smaller devices that will be increasingly popular in increasingly essential systems, like eg. networked lightswitches). So we have to deliver not just a weakened virus, with its harmful payload removed, but a weakened virus that can still infect (just as the harmful virus would without this intervention), but which also carries the patch and patching SW that the device itself does not carry.

This approach lets a network include lots of devices that can't defend themselves against the general case of an arbitrary virus. Either because they don't have the resources, or because they just don't have the immune system installed for any other reason. It avoids needing a standard "antivirus API" for all devices, which would have constrained their design, and which requires trusting the device maker to do it right - and which standard API would itself become a target for harmful viruses. Instead it just acts like something the harmful viruses can't exploit any more than they already do: their own operation.

This approach learns from nature, but adapts it to the different ecosystem that our (synthetically and guided) evolving devices actually live in.

Switch off autorun already, huh? (2, Informative)

sw155kn1f3 (600118) | more than 6 years ago | (#22444842)

It's the first thing I do when installed fresh copy of windows. I do this with TweakUI XP - it's download at MS site. Very handy little tool to make initial tuning.

Re:Switch off autorun already, huh? (0)

Anonymous Coward | more than 6 years ago | (#22445292)

I do that. Unfortunately I think it is a single-user setting, so if I set up an account for someone else they get the same, stupid default autorun setting.

Does anybody know if there is an easy way to force "no autorun" to apply for all users or to disable it permanently (i.e. in a way that a virus/worm couldn't easily re-enable by flipping a few registry settings)?

NoDriveTypeAutorun (2, Informative)

WD (96061) | more than 6 years ago | (#22445730)

You'll want to set the NoDriveTypeAutorun [microsoft.com] registry value in HKLM to 0xFF. This will disable Autorun/Autoplay for all device types. What's interesting, though, is that according to that article, the default configuration for Windows is to disable Autorun for removable disks that aren't "CD" devices. What's not clear is whether this digital picture frame actually does automatically run, or whether it requires the user to double-click on the device icon in Windows explorer. (The latter of which will run software on the frame, regardless of AutoRun settings).

However, if your goal is to make a change that is malware-resistant, forget it! If you've already got malicious code on your system, it's game over. It can make any software changes that it likes.

Re:Switch off autorun already, huh? (0)

Anonymous Coward | more than 6 years ago | (#22445844)

So, the first thing you do when you've installed a fresh copy of windows is you go online.
Hope you're wearing a rubber!

From China you say? (1)

M-RES (653754) | more than 6 years ago | (#22445016)

Oh the HORROR (MOVIE)!!! ;) They should be banned...

Re:From China you say? (0)

Anonymous Coward | more than 6 years ago | (#22445528)

I'm really sorry, but you fail it ;)

Fire the metaphor writer (4, Funny)

brusk (135896) | more than 6 years ago | (#22445144)

'specific designs to capture something and not leave traces ... This would be a nuclear bomb of malware.'

Say what? Whenever I want to sneak in somewhere and get away all quiet-and-subtle-like, my first thoughts are of atomic weaponry. Want to steal sensitive documents? Just detonate a small thermonuclear device and no one will even realize you were there, and you'll leave no traces (unless you count a loud bang, bright light, mushroom cloud, charred corpses, fallout and a spike in cancer rates and radiation levels).

Ninjas. Men in Black-style mindwiping. Cat burglar. Evil hypnotist. Lots of available analogies. Nuclear bomb ain't one of them.

No traces, huh? (1)

WK2 (1072560) | more than 6 years ago | (#22445158)

specific designs to capture something and not leave traces ...

Clearly, this isn't true. It's on slashdot. Everything leaves traces.

Is this virus VIsta capable? (1)

HangingChad (677530) | more than 6 years ago | (#22445412)

Protecting against these new computer viruses, which so far are aimed at PCs running Windows, is hard - and sometimes impossible.

Windows XP or Vista? Are the infection rates similar for the two operating systems? I just hate it when a virus or trojan is treated like a uniform infectious agent. There can be big differences in the infection rates even among Windows machines, depending on configuration.

Autorun is from the devil. Right up there with ActiveX in my book. I think it does point up how difficult it is to secure Windows in a connected environment. I have a token Windows box on the network but don't surf with it. And I don't connect outside devices to it...especially not now. Seems like the added storage and capability of connected devices gives the virus writers a sweetheart platform to launch an attack.

I wonder how many of those picture frames managed to make their way on to corporate networks? Some exec that wants his kids pictures on his desk. I've got a customer with one of them in his office, an older one. Probably not a problem but that's today. The future is rife with potential for this to turn into a really bad problem.

Worst analogy ever? (0)

dotancohen (1015143) | more than 6 years ago | (#22445448)

...specific designs to capture something and not leave traces ... This would be a nuclear bomb of malware...
Since when do nuclear bombs not leave traces? This might be the Ely Cohen of malware, but it's certainly not a nuclear bomb.

i don't trust china at all (1)

m2bord (781676) | more than 6 years ago | (#22445450)

this reinforces why i don't believe we should be doing business with china. there is so much corruption in the government and workplace

Best protection against a virus/trojan/worm (1)

foniksonik (573572) | more than 6 years ago | (#22445630)

I've found the best protection is software that tells you when other software is trying to dial home or send out anything.... on my Mac I use Little Snitch, on PCs I believe the best is Zone Alarm.

It doesn't rely on virus definitions or anything else. It only requires that you take a minute to think about whether the software which wants to connect is doing so at your request or has gone renegade. Now of course once you find that you've got something trying to get out you need to clean it, which is where an anti-virus app comes into play. You run it and if it does the job you're good to go.. if not, at least you know there is something wrong and can:

a) use a Deep Freeze type strategy to rollback to a known good version of your system
b) hunt it down or let a pro hunt it down for you or
c) reinstall or reimage

This also avoids the worst aspect of AV software.... the fact that it bogs your system down making it much less useful in general.

Best picture frame is a Nokia N770 or N800 (1)

Sleepy (4551) | more than 6 years ago | (#22445864)

I got a picture frame as a gift, but honestly... how many of us would BUY one?
These picture frames typically have built in memory or require USB synching... what about 802.11 or bluetooth instead? Batteries?

Which brings me to my point.... the Nokia N800 is $200 and runs to 400 MHz, and can do all this and more. The Nokia N770 closed out at $125 (if you can still find one) and has the same relevant features.

Dare I defend Vista? (1)

eXonyte (842640) | more than 6 years ago | (#22446028)

Yes, I think I will for a moment.

When you insert a disc/plug in a device that includes an autorun app, Vista will ask you with a dialog if you would prefer to run the autorun, browse the device's files, or do nothing.

Granted, this won't protect from a true virus (as opposed to today's typical spyware/trojan apps) nor a user's own "clik da buttun" ignorance, but it's still much better than blindly running anything you throw at it.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...