Malware Distribution Through Physical Media a Growing Concern

Journal written by twitter (104583) and posted by Soulskill on Sun Jan 13, 2008 11:09 AM
from the beware-geek-squad-bearing-gifts dept.
twitter brings us a story about the increasing number of digital devices reaching consumers with malware already installed. In this case, digital photo frames from three different Sam's Club stores were found to contain the same type of malicious code. We discussed a similar problem with iPods a while back, as well as a more recent situation with Maxtor hard drives. Quoting the Register: "While a compromise at the manufacturer is the most likely scenario, ISC's Sachs also pointed to retailers as a possible point of infection. Returned products, which could have been infected by the consumer, are frequently put back on the shelf, if they are in sale-able condition, and attackers could take advantage of a store's poor digital hygiene, he said. 'Trying to (infect a product) all the way back at the factory — getting it through all the checks and balances — would be pretty hard to do,' he said. 'But doing it at the store, where there might be loose return policies, and (where) they put it back on the shelf - you are not going to get a million infections, but you might get a person from an investment bank next door.'"

Related Stories

Apple: iPods Come Complete With Windows Virus 672 comments
kaufmanmoore writes "Cnet is reporting that some video iPods made after September 12th have the RavMonE virus loaded onto them. In Apple's announcement they take a swipe at Windows security and encourage Windows users to install anti virus applications."
Hardware: Trojan Found In New HDs Sold In Taiwan 344 comments
GSGKT writes "About 1,800 brand new 300-GB or 500-GB external hard drives made for Maxtor in Thailand were found to have trojan horse malware pre-installed (autorun.inf and ghost.pif). When the HD is in use, these forward information on the disk to two websites in Beijing, China: www.nice8.org or www.we168.org. The article implies that authorities believe the Chinese government is behind the trojans. A later article pins down the point of infection to a subcontractor company in China. A couple of months back the Register was reporting on pre-installed malware detected on Maxtor disks sold in the Netherlands. This earlier report was downplayed by a Seagate spokesman." The more recent Taipei Times article says that Seagate admits the problem on its Web site, but a search there turns up nothing.
  • 1990 called... (Score:3, Informative)

    by Wonko the Sane (25252) * <wts42@yahoo.com> on Sunday January 13 2008, @11:09AM (#22025448) Homepage Journal
    and it wants its headline back.

    (yes I know this is a different story than back then, but it's the same headline)
  • by Secrity (742221) on Sunday January 13 2008, @11:14AM (#22025494)
    I bet that most people would have NO idea that this could possibly happen.
  • by Anonymous Coward on Sunday January 13 2008, @11:15AM (#22025500)
    These days, it's really only a problem if you use Windows. Those of us using Linux, *BSD, Solaris, Mac OS X, and other non-Windows operating systems have little to worry about.

    Now, someday this may start to affect other, non-Windows operating systems. But in many ways I don't think it will be as much of an issue, because many of the alternative OSes have a far more sensible security model than that of Windows. So what easily causes problems with Windows has little to no effect on Solaris, Linux or OpenBSD.

    • Re: (Score:3, Funny)

      by Anonymous Coward
      I know what you mean. Writing a Virus for Windows is extremely complicated given its closed source proprietary nature. Windows users are very diligent on protecting their systems with scanners and always purchase software from a trusting source. It's rare you hear of a Windows infection. Those Linux users need to get with the program if they ever want to gain the desktop.
      • Re: (Score:2, Informative)

        by Anonymous Coward

        "It's rare you hear of a Windows infection. Those Linux users need to get with the program if they ever want to gain the desktop." - by Anonymous Coward on Sunday January 13, @11:25AM (#22025570)

        True, if they did this stuff, here:

        HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA + make it "fun" to do:

        http://www.security-forums.com/viewtopic.php?t=50567&sid=c8b24a76a3974ec9bef2bed38c4b64d4 [security-forums.com] :)

        * Windows CAN be secured very well, with a bit of effort, for years of security, even online, for years into the distance if you try what's in that URL above!

        It works - & for a small investment of your time, only, & the work done by YOU, only!

        (Simply by using the CIS Tool as your guide

    • by Anonymous Coward on Sunday January 13 2008, @12:31PM (#22026142)
      The Morris Worm of twenty years ago did cause problems in the UNIX world. However, unlike Microsoft, the UNIX developers and vendors quickly fixed their software. And thus we haven't seen a single worm for UNIX systems since then, although UNIX and UNIX-like systems are the most widely used server OSes, and hence typically networked. Now contrast this to the numerous Windows-only worms that have caused billions of dollars of damages for individuals, businesses and governments around the world, and only in the past decade!

      I'm not sure why you've been marked as a "troll", because what you said is completely accurate. Windows systems are more susceptible to malicious software. I'm not sure how that could be disputed. Now, things have gotten vastly better than they were when Windows 95, Windows 98 and Windows ME were developed. But even Windows XP has been widely affected by worms and malware, and Windows Vista is usually little better.

      Although I'm an accountant by trade, I've worked at several companies with mixed Windows and UNIX networks. And at all of them we've had significant downtime due to Windows worms and viruses wreaking havoc on our internal networks. But I've never once, at any of those companies, heard of any downtime of the UNIX systems because of such a security threat.

    • Malware being shipped with hardware is hardly news. It is the common practice of computer vendors who ship their hardware with Windows pre-installed.
  • I disagree ... (Score:5, Interesting)

    by ScrewMaster (602015) on Sunday January 13 2008, @11:19AM (#22025526)
    Trying to (infect a product) all the way back at the factory - getting it through all the checks and balances

    Apparently this guy has never worked in a production firmware environment before: there are fewer checks and balances than you might think, especially because embedded-system guys generally don't have much awareness of Windows malware issues. Unfortunately, more and more embedded devices are being plugged into desktop machines, and with auto-run enabled ... well. This whole scenario is hardly surprising.
    • I would bet a lot of systems that come preconfigured from some small-time vendor have a good chance of being infected too. I'm speaking of point of sale systems, computers attached to instrumentation, etc.
    • by dbc (135354) on Sunday January 13 2008, @12:26PM (#22026096)
      Once upon a time I managed a software product testing team. Part of our standard flow for all release candidate CDs was to get fresh signatures and virus scan as both step one and also with refreshed signatures as the last step (2 or 3 weeks later) of declaring a release candidate ready for release. We *still* shipped a CD with malware once, a virus that was too new to show up in the signature files from the scanning software company. Luckily, it was a beta that went to less than 100 customers, and it was a relatively benign Word macro virus. Still, I had to explain to a Vice President how we did virus scanning for releases.

      As a result of this, we started using virus scanners from three different manufacturers. As a software vendor, the risk of shipping a nasty virus to your best customers is very real, no matter how hard you try to prevent it.
    • Re: (Score:3, Interesting)

      Apparently this guy has never worked in a production firmware environment before: there are fewer checks and balances than you might think, especially because embedded-system guys generally don't have much awareness of Windows malware issues. Unfortunately, more and more embedded devices are being plugged into desktop machines, and with auto-run enabled ... well. This whole scenario is hardly surprising.

      There is a responsibility problem here. Do we blame the hardware manufacturers for producing faulty pro

      • Autorun is evil (Score:5, Insightful)

        by kybred (795293) on Sunday January 13 2008, @01:59PM (#22026968)

        A better way is to turn off autorun,

        I almost got some malware from autorun off a thumb drive; fortunately the anti-virus recognized it and stopped it from running. When that happened, I looked for a surefire way to turn off autorun (and autoplay) but all I found was a bunch of registry edits that may or may not (according to different accounts) turn off autorun/autoplay. Why is there no global option in a Windows control panel for that?

        • Re:Autorun is evil (Score:4, Informative)

          by Repton (60818) on Sunday January 13 2008, @06:19PM (#22029092) Homepage

          The closest thing I know of to an official way of disabling autorun is to install Microsoft's powertoy TweakUI [microsoft.com]. As you might guess from the name, it gives you a GUI to tweak various aspects of the Windows user interface, including letting you turn off autorun. I've never had a problem with it.

  • Stupid idea (Score:5, Interesting)

    by CastrTroy (595695) on Sunday January 13 2008, @11:22AM (#22025542) Homepage
    I've always said that autoexecuting stuff on any media inserted was the stupidest feature ever created. It's just asking for viruses to be installed. Actually strike that. It's the second stupidest thing. The stupidest thing is Windows being configured by default to restart for updates after the user doesn't respond for some very short amount of time.
    • Re:Stupid idea (Score:5, Informative)

      by jo42 (227475) on Sunday January 13 2008, @11:36AM (#22025676) Homepage
      This is part of a reg file I run on every Windows machine I set up:

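      ; Stop the CD-ROM driver from sending media-insert notifications
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CDROM]
      "AutoRun"=dword:00000000

      ; 0xFF sets every drive-type bit: AutoRun off for all drive types (current user)
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
      "NoDriveTypeAutoRun"=dword:000000ff

      ; Same policy, machine-wide
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
      "NoDriveTypeAutoRun"=dword:000000ff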


      Takes care of the autorun idiocy.
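
Added example, not part of jo42's post: NoDriveTypeAutoRun is a bitmask in which each set bit disables AutoRun for one drive type, so 0xFF covers them all. This Python sketch parses a .reg fragment and lists the drive types a given mask still leaves enabled; the 0x91 fragment is a constructed sample and the function names are illustrative.

```python
import re

# NoDriveTypeAutoRun is a bitmask: a SET bit DISABLES AutoRun for that drive type.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x02: "no root directory",
    0x04: "removable (USB flash, card readers)",
    0x08: "fixed disk",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "reserved/unspecified",
}

KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_LINE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9A-Fa-f]{1,8})$')

# The three settings from the post above.
POSTED = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CDROM]
"AutoRun"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000FF

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
'''

# Constructed sample: a partial mask that leaves several drive types enabled.
PARTIAL = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
'''

def parse_reg(text):
    # Return {key_path: {value_name: int}} for the dword values in a .reg fragment.
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        match = KEY_LINE.match(line)
        if match:
            current = result.setdefault(match.group("key"), {})
            continue
        match = DWORD_LINE.match(line)
        if match and current is not None:
            current[match.group("name")] = int(match.group("hex"), 16)
    return result

def autorun_enabled_types(mask):
    # Drive types whose bit is clear, i.e. where AutoRun is still allowed.
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not mask & bit]

def audit(text):
    # Map each key that sets NoDriveTypeAutoRun to the drive types it leaves enabled.
    findings = {}
    for key, values in parse_reg(text).items():
        if "NoDriveTypeAutoRun" in values:
            findings[key] = autorun_enabled_types(values["NoDriveTypeAutoRun"])
    return findings

if __name__ == "__main__":
    for label, fragment in (("posted", POSTED), ("partial", PARTIAL)):
        for key, enabled in audit(fragment).items():
            print(label, key, "->", enabled or "AutoRun disabled for all drive types")
```
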
      • I have a similar file myself ... centralized all the best hacks.
      • I guess that is one advantage of having a single registry for all system settings. You can easily change tons of settings easily with just a single script file. Changing a bunch of settings in Linux would require a much more complicated script, or a lot more file editing. Still I think that having all the settings in a single file is not a great idea, but it has its advantages.
        • by tjwhaynes (114792) on Sunday January 13 2008, @06:36PM (#22029216)

          I guess that is one advantage of having a single registry for all system settings. You can easily change tons of settings easily with just a single script file.

          Erm - a single script file can easily update thousands of different configuration files on any platform. And for all the world-famous Windows user-friendliness, I'll take editing some bizarre Linux scripts where key=value over trying to remember hexadecimal codes for Internet Explorer registry entries :-)

          Let's not overlook the dangers of having a single, unrebuildable registry for all the system settings... What happens when it gets hosed? I seem to remember that Windows 95 used to keep two copies of the registry around and could rebuild it if you deleted it. Windows XP seems to have lost that ability - I have no idea if Vista has recovered it.

          Cheers,
          Toby Haynes

          • Re: (Score:3, Interesting)

            If you have thousands of machines, it's likely you have Active Directory by now. Simply set the autorun, as well as the tons of other security settings, in a group policy and be done with it.
      • Re:Stupid idea (Score:4, Insightful)

        by mstahl (701501) <marrrrrk@@@gmail...com> on Sunday January 13 2008, @06:28PM (#22029164) Homepage Journal

        This is just what I've always been talking about with Windows. Why does it take this level of deep knowledge of the operating system to secure against the most idiotic of exploits? Ask an engineer of any other operating system about autorunning executable code from just any media that's inserted and they'll look at you like you've been taking crazy pills.

        This is along the same lines as many other questions I have about Windows, like why can image files execute code? Why is it possible for ActiveX scripts to change system registry values and download software to your hard drive? Why is everything not named the same between versions? Why does everyone still use it?

        Le sigh....

        • Re:Stupid idea (Score:4, Informative)

          by TheRaven64 (641858) on Sunday January 13 2008, @07:16PM (#22029558) Homepage Journal

          Ask an engineer of any other operating system about autorunning executable code from just any media that's inserted and they'll look at you like you've been taking crazy pills.
          The feature was introduced back in 1995. At this time, there were two kinds of removable drives in the average computer; floppy drives and CD-ROM drives. CDs could only be commercially pressed cheaply in large batches and so could be considered trusted. Floppy disks could be written by anyone, and so were not. This made sense until CD writers became cheap, at which point it became an easy virus transmission vector. Enabling it for read-write media was just brain-dead.

          By the way, like so many other Windows features, this one was copied from Apple. HFS CDs could have some flags set designating them as autostart CDs and a named file would be run when they were inserted. This 'feature' was used to spread a few Mac viruses in the '90s and was never added to OS X.

    • Re:Stupid idea (Score:4, Insightful)

      by garett_spencley (193892) on Sunday January 13 2008, @11:50AM (#22025782) Journal
      While I agree that auto-executing anything is very bad practice, most average users would go ahead and run the program anyway without giving any consideration to its safety (or just assuming that it's safe because it wouldn't make sense for the manufacturer to harm their customers' computers ... never thinking about a man-in-the-middle type of scenario).
      • Of course but at least then it would be the dumbass's fault instead of the anonymous dumbass at Microsoft.
    • The stupidest thing is Windows being configured by default to restart for updates after the user doesn't respond for some very short amount of time...

      grrrr...this one bit me at work again last week. I was in the middle of a big project and had probably half a dozen windows open. I cannot imagine why MS thought this was a good idea. Can I turn it off?
      • I simply tell it to download updates, but not install them. It creates a yellow alert in Windows Security Center, IIRC, but not one that brings up anything in the taskbar. And, it won't automatically reboot unless you install the updates - which you can tell it to do when shutting down, or do before you were going to restart anyway.
  • by G4from128k (686170) on Sunday January 13 2008, @11:28AM (#22025608)
    I'd seriously doubt that malware distributors would focus on returned products as a vector for infection. The value of a pwned PC is simply too low to justify the labor of buying a product, infecting it, and returning it in hopes that it will infect another machine.

    Rather, I suspect infection at or near the source -- slipping malware into the firmware or shipped software that goes with the device. At that point in the software delivery chain, a single act of infection can be distributed to tens or hundreds of thousands of machines. I could also imagine targeting highly promiscuous machines (e.g. WiFi routers) that have a high chance of being in contact with other promiscuous machines (i.e. other routers or laptops).

    Although I'm sure some people get their grins by infecting one machine at time, the malware industry is more about collecting the largest quantity of machines at the lowest possible cost.
    • I agree with you, but never think that there aren't assholes out there who get kicks off of sticking it to random strangers. Money can greatly escalate a problem and its scope, but sometimes people are just jerks and gladly act as such for free.

      If the world was asshole-free then people would never get their cars keyed, tires slashed or houses egged unprovoked.
  • Sony? Sears? (Score:5, Insightful)

    by dotancohen (1015143) on Sunday January 13 2008, @11:30AM (#22025630) Homepage
    The cases mentioned were just the accidents. What about deliberate malware installations, such as those done by Sony and Sears?
  • by NeverVotedBush (1041088) on Sunday January 13 2008, @11:31AM (#22025642)
    I bought a new 80386 (maybe a 486 - I forget) motherboard a long time ago and it had a 5 1/4 floppy disk included with the board drivers software. It was also infected with the Michelangelo virus. I never knew it until I saw a message on the FIDOnet BBS from some idiot in Bulgaria talking about how his virus was coming and it was going to kill everyone's computers.

    I downloaded a free copy of McAfee and it found the virus on my computer as well as every floppy that I had inserted since then that wasn't write protected. McAfee's software offered to clean it but all it did was wipe out the MBR making it where I had to reformat and reinstall everything.

    I told a friend at school who had just bought a similar motherboard. He broke the seal on his driver disk, scanned it, and found the virus there too. It was coming from the factory infected.

    That was a lesson I will never forget and it happened almost 20 years ago.
  • this'd happen on floppy drives, 'fore any new fangled web browser or memory stick, when a real virus fit in a boot sector. Why we din'ner 'ave no serial bus unless it had a bored rate and even then it had'der have 25 pin's 'fore it were useful...

  • by cliffiecee (136220) on Sunday January 13 2008, @11:35AM (#22025666) Homepage Journal
    "Trying to (infect a product) all the way back at the factory - getting it through all the checks and balances -- would be pretty hard to do"

    No, it isn't anymore. Somebody in marketing had the bright (read: revenue-producing) idea of loading up a new storage device (which should be blank, damnit) with a bunch of advertising crap. Combine this with Windows' oh-so-helpful autolaunch features. Frankly I'm surprised it took this long to become a problem.

    I long for the days when you could buy an UNFORMATTED device. The OS would tell you it's unformatted, so you formatted it. Done.
  • The pervasiveness of the malware problem contributes to this

    Our shop had one shrink wrapped package that had malware included and when this was tracked down the vendor didn't know they had become infected and were distributing shrink-wrapped malware

    this underscores the importance of putting a stop to malware

    the fundamental error is at the concept level: it is wrong to think it is OK to run your programs on someone else's computer without their knowledge or permission

    to invert this properly back to the

    • Your logic fits well with the bozos at Microsoft as well.
      Remember that it's their 'feature' which is causing this problem, not the user and the malware authors are only taking advantage of it.
  • I got one of these! (Score:5, Informative)

    by NitroWolf (72977) on Sunday January 13 2008, @12:09PM (#22025950) Homepage
    I bought a digital photo frame from Microcenter that was infected. I can't recall what the specific trojan was, but it was fairly benign in so far as it just replicated itself. As I recall it was a fairly old trojan and not very sophisticated... but none the less, it was on the brand new frame that was still sealed in the original factory stuff.

    I told Microcenter about it and they were like "Huh." Didn't ask anything more, nor did they remove the frames or check them. I was somewhat pressed for time, so I didn't try going up the chain of management to get someone to acknowledge that there was a problem.

    It's a good thing I found it though, since it was a gift for my technologically illiterate parents. I had taken it out of the package to load pictures up on it. If I had just given it to them directly, I'm not sure what would have happened. AVG caught it when it was plugged in via USB, so probably nothing drastic, except a phone call from my Dad asking me what the pop-up box meant.

  • Old news... (Score:3, Funny)

    by Bob Hearn (61879) on Sunday January 13 2008, @12:11PM (#22025956) Homepage
    Digital devices reaching consumers with malware already installed?

    Computers have been shipping with Microsoft products preinstalled for some time, I believe.

    • Old, but still kinda funny:

      Is windows a virus?

      No, Windows is not a virus. Here's what viruses do:

      * They replicate quickly - okay, Windows does that.

      * Viruses use up valuable system resources, slowing down the system as they do so - okay, Windows does that.

      * Viruses will, from time to time, trash your hard disk - okay, Windows does that too.

      * Viruses are usually carried, unknown to the user, al
  • I, for one (Score:5, Interesting)

    by DNS-and-BIND (461968) on Sunday January 13 2008, @12:16PM (#22026006) Homepage
    I work in manufacturing in China, and I would not be surprised in the least to find a worker who accepted a shockingly small bribe to place malware directly into factory produced firmware. Not saying that's what happened, but I sure wouldn't be surprised if it did. I also would not be surprised to discover that a worker's Windows PC transferred its infection to the master used for production.
  • It's branded as an eMotion device (model DF-EM7), but it looks identical to the ADS product.

    My question - because here at /., I'm not all that relatively geeky - is how would this spread? It accepts photos direct from the computer via a USB 2.0 cable or via memory card. Assuming I'm not stupid enough to plug the thing directly into my computer, am I safe? Will the trojan infect the memory card for subsequent infection of my hard drive (of my Windows machines, not my Mac, right?)?

    Also, is there a way f

    • And you cant fake a CDROM driver disk, right?
    • They buy a USB-enabled device of some kind (flash drive, electronic picture frame, MP3 player, cell phone, you name it) and plug it in. If their Windows box has auto-run enabled (and all do by default) then any malware on the device just got executed. Remember, many such products simply map in as a disk drive: any malware on the computer can recognize that and infect it, so the next time it gets plugged in it can infect another computer. Typical viral spread, the only difference being that now it's high-tec
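
Added example, not from any poster in this thread: the spread described above depends on an autorun.inf at the root of the device's volume naming a program to start. This Python sketch lists those launch entries for a volume mounted at a directory, for instance on a machine that does not honour AutoRun; the sample volume, file names and function names are constructed for illustration.

```python
import os
import tempfile

RISKY_EXT = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd", ".vbs"}

# Constructed sample autorun.inf for this example (placeholder content only).
SAMPLE_INF = r'''; constructed sample
[AutoRun]
open=setup\viewer.pif
icon=frame.ico
shell\open\command="Photo Tools\start.exe" /s
'''

def parse_autorun(text):
    # Tolerant line parser: junk lines are skipped instead of aborting the parse.
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            entries.append((key.strip().lower(), value.strip()))
    return entries

def program_of(value):
    # Drop arguments; honour a quoted program path that contains spaces.
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return value.split()[0] if value else ""

def find_ci(root, relpath):
    # Resolve a Windows-style relative path under root, ignoring case; None if absent.
    current = root
    for part in [p for p in relpath.replace("\\", "/").split("/") if p not in ("", ".")]:
        names = {n.lower(): n for n in os.listdir(current)} if os.path.isdir(current) else {}
        if part == ".." or part.lower() not in names:
            return None  # missing, or an attempt to point outside the volume
        current = os.path.join(current, names[part.lower()])
    return current

def triage_volume(root):
    # Report every autorun.inf entry that names a program to start.
    inf = find_ci(root, "autorun.inf")
    if inf is None or not os.path.isfile(inf):
        return []
    with open(inf, "rb") as fh:
        text = fh.read().decode("latin-1")  # latin-1 never fails on odd bytes
    findings = []
    for key, value in parse_autorun(text):
        # open=, shellexecute= and shell\<verb>\command= are the launch keys.
        if key in ("open", "shellexecute") or (key.startswith("shell\\") and key.endswith("\\command")):
            program = program_of(value)
            findings.append({"key": key, "program": program,
                             "present": bool(program) and find_ci(root, program) is not None,
                             "risky_ext": os.path.splitext(program)[1].lower() in RISKY_EXT})
    return findings

def build_sample_volume(with_autorun=True):
    # Constructed stand-in for a mounted device volume.
    root = tempfile.mkdtemp(prefix="volume_")
    if with_autorun:
        with open(os.path.join(root, "AUTORUN.INF"), "w") as fh:
            fh.write(SAMPLE_INF)
        os.mkdir(os.path.join(root, "Setup"))
        with open(os.path.join(root, "Setup", "VIEWER.PIF"), "wb") as fh:
            fh.write(b"placeholder bytes, not a program")
    return root

if __name__ == "__main__":
    for finding in triage_volume(build_sample_volume()):
        print(finding)
```

An entry with `present` true and `risky_ext` true is the combination worth pulling the device for; a volume with no autorun.inf returns an empty list.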
    • 1) Right before the equipment is put in the box it should have its memory reset to factory condition AND have the firmware compared to what it should be.

      This will offer some protection against factory sabotage.


      No it won't - if the "factory sabotage" consisted of (deliberately or accidentally) having malware as part of "what [the firmware] should be".

      2) Any time a unit is returned it should be reset to factory condition.

      This will take care of shoppers who buy, infect, and return merchandise.


      And how is a reai