Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

March Madness repost: Infected picture frames

An unexpected interruption has delayed the writing of the “using Certificates to encrypt your e-mail” post, and it may not appear until much later on today. In the meantime, I am re-posting a recent article. This post appeared as “Cyber Crime News”, 2/16/08.
Nowadays, all you need to do is plug in a digital picture frame, and you lose your life savings.
Sound unbelievable? Guess again.

* Regular readers of this series should know that the hackers and viruses/malware of today aren’t about ego, or twisted maliciousness, but are all about profit — namely getting your money. It is cyber-crime, and you are the target. Your computer is their weapon.
* Regular readers will know that phishers send spam e-mails which contain links to fraudulent, malware-laden websites in the hopes that you will enter your account password so they can steal your identity (and drain your funds); and they know that merely visiting this site will “drive-by downloadspyware (such as a keylogger) onto you machine, which will eventually report your logins… or anything else you type, like, your credit card number. [note:in April 2007, Google reported that it had found “hundreds of thousands” of webpages serving up malware.]
* Regular readers know that these hackers use trojan horses (a type of worm) to install a backdoor on your machine and turn it into a zombie (aka “bot”, short for ‘robot’) under their control [ http://techpaul.wordpress.com/2007/06/14/the-fbi-and-operation-bot-roast/ ] which they then use, however they like, as part of their botnet. Typically, they use your machine to send spam and copies of the trojan horse (to make their network of bots larger) itself.

All very depressing stuff.

But what you may not already know, Dear Reader, is that these cyber-criminals are always looking for new ways to infect your machine, for the uses mentioned above, (okay; you might have figured that, though) and the method they’re trying for is through the use of USB devices. So that, when we plug in our thumb-drive it infects our machine.. and any other machine we plug  it into. The bad guys know that antivirus tools don’t scan USB storage devices before they’re opened (“accessed”).
Because of this fact, I am very leery of thumb-drive give-aways (free gifts) and generally decline to reach into the bowl.

A security nightmare come true:
What if the virus writers and cyber-criminals could get in cahoots with the device manufacturers (or, someone who works there) and pre-install their malware onto brand-new devices? Well, you would go to your local MegaGigaMart* and buy a new device, open the box (or ‘blister pak’), plug it in, and bingo!, you’re identity is stolen, fraud is committed in your name, your accounts are drained.. and your life is ruined. And consider this, folks– darned near everything is made in China.
If that isn’t scary enough, what if the malware was undetectable? What if it could shut down all known antivirus programs? Don’t laugh: it’s real.

There are, right now, digital picture frames (which connect via USB) coming from the (Chinese) factory with a trojan horse pre-installed (and a while back, a few iPods were infected at the factory). This trojan seems to be — for now — limiting itself to stealing online gaming identities, but displays the fierce anti-removal characteristics of truly advanced malware. If it can be programmed to steal gaming identities (do I need to say it?) in version 1.0, who knows what 2.0 will be designed to steal?
Scary, scary (and depressing) stuff.

Today’s free link: For more details on the digital picture frame infection, please read Deborah Gage’s article; “Trojan Horse probing defenses– New virus is smart, aggressive and blocks antivirus protection at will“, published in the San Francisco Chronicle, Friday, Feb. 15th. 2008. Business Section.

* Beware of “Hillary video” e-mail. (Source= Symantec) Spammers are taking advantage of the election season to send a poisoned link (it downloads a trojan) in an e-mail promising a video of an interview with Hillary Clinton. For details, click here.

Copyright 2007-8 © Tech Paul. All rights reserved.

Share this post :

March 20, 2008 - Posted by | advice, anti-spyware, antivirus, computers, hardware, PC, Plug and Play, security, tech, Windows | , , , , , , ,

2 Comments »

  1. trojan horse pre-installed? Omg…

    Like

    Comment by sevenpics | March 21, 2008 | Reply

  2. A non-detectable, almost-impossible-to-remove trojan.. Fresh From the Factory! And it could be any USB storage device..
    Yes, indeed, OMG.

    Folks, this Commentor is using this forum to point back to a website, which I normally do not allow.. however, in this case I’ll make an exception. SevenPics is worth a look-see.

    Like

    Comment by techpaul | March 21, 2008 | Reply


Post your Comment/Question

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: