Walmart Photo Keychain Comes Preloaded With Malware
Blowit writes "With the Christmas holidays just past and opening up your electronic presents may get you all excited, but not for a selected lot of people who got the Mercury 1.5" Digital Photo Frame from Walmart (or other stores). My father-in-law attached the device to his computer and his Trend Micro Anti-virus screamed that a virus is on the device. I scanned the one I have and AVAST did not find any virus ... So I went to Virscan.org to see which vendors found what, and the results are here and here."
Update: 12/29 05:44 GMT by T: The joy is even more widespread; MojoKid points out that some larger digital photo frames have been delivered similarly infected this year, specifically Samsung's SPF-85H 8-inch digital photo frame, sold through Amazon among other vendors, which arrived with "W32.Sality.AE worm on the installation disc for Samsung Frame Manager XP Version 1.08, which is needed for using the SPF-85H as a USB monitor." Though Amazon was honest enough to issue an alert, that alert offers no reason to think that only Amazon's stock was affected.
Flagged by shit anti-viruses (Score:0, Interesting)
Shit anti-viruses shitting their pants over the packer used and then pumping out a false positive (yes, in this case, I'm pointing at you too Avira!).
that's why USB autoplay is a bad idea (Score:5, Interesting)
this time it seems like it was the vendor's screwup, which is very rare, but it's very easy for someone to have a clean USB stick, then plug it into an infected PC and unknowingly get a trojan written to the USB stick.
i recently had a close call myself when i took my PSP to work and plugged it into a workstation (i had some utilities and e-books saved on the memory stick). when i got home and plugged the PSP into my desktop, i noticed the PSP memory stick was displayed with an odd icon in My Computer. so i looked at the root directory and found a suspicious .exe file that i hadn't placed there, which was also referenced by a new autorun.inf file.
with thumbdrives, external hard drives, portable media players, and other flash memory devices becoming increasingly common, i expect more and more malware writers will exploit them as an infection vector, especially as autoplay is usually enabled by default on Windows systems. the only reason i had autoplay disabled was because i found it annoying, and that's the only reason i lucked out.
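The manual check described in the comment above (an unexpected autorun.inf in the root that points at an executable) can be scripted. This is an added example, not part of the original comment; the function names, the file name `unknown.exe` and the sample autorun.inf content are constructed for illustration.

```python
import os
import re
import tempfile

# Keys in the [autorun] section that make Windows launch a program.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

# Constructed sample: junk padding around the launch entries.
SAMPLE = ("xk29dkq junk\n[AutoRun]\n;pad\nopen=unknown.exe -q\n"
          "shell\\open\\Command=\"unknown.exe\"\nicon=folder.ico\n")

def parse_autorun(text):
    """Return [(key, command)] for launch entries in an autorun.inf body."""
    section, hits = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (p.strip() for p in line.split("=", 1))
            if LAUNCH_KEY.match(key):
                hits.append((key.lower(), value))
    return hits

def audit_volume(root):
    """Report what a volume's autorun.inf would launch and whether it is there."""
    names = {n.lower(): n for n in os.listdir(root)}
    if "autorun.inf" not in names:
        return []
    with open(os.path.join(root, names["autorun.inf"]), encoding="latin-1") as fh:
        entries = parse_autorun(fh.read())
    findings = []
    for key, command in entries:
        m = re.match(r'"([^"]+)"|(\S+)', command)  # program is the first token
        if not m:
            continue
        target = (m.group(1) or m.group(2)).replace("\\", "/").lstrip("/")
        findings.append({"key": key, "target": target,
                         "present_in_root": target.lower() in names})
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as vol:  # stands in for the mounted stick
        with open(os.path.join(vol, "AUTORUN.INF"), "w") as fh:
            fh.write(SAMPLE)
        open(os.path.join(vol, "unknown.exe"), "wb").close()  # empty placeholder
        for finding in audit_volume(vol):
            print(finding)
```

Any finding on a device that should hold only documents or photos is worth a closer look before the volume is opened on a machine with autoplay enabled.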
Re:that's why USB autoplay is a bad idea (Score:4, Interesting)
Funnily enough, there's a rumour going around that USB sticks were used to hack into the Pentagon:
http://catless.ncl.ac.uk/Risks/25.47.html#subj5 [ncl.ac.uk]
From the link:
If true, it was a simple but brilliantly effective method. Someone infected thumb drives with the WORM then dropped them around the Pentagon parking lot. The employees picked them up, took them into their offices and plugged them into their office computers to determine the owner of the drive.
Re:Packer (Score:4, Interesting)
Re:Did you tell Walm*rt? (Score:3, Interesting)
This looks more like a false positive than anything, but unless Blowit actually submitted these files to all the antivirus vendors or went through one of the folks in the industry to fast-track it for checking there's no way to tell. There's a few places where this can be done (dslreports being my favorite), and send it off to the lab and see if it's a false positive or not and get an update pushed.
There's been innumerable cases in the past where files have been marked as virus/trojans due to similar encodings in the headers. While I took a look through the list as well, all of the decent av products didn't pick it up; while all of the poor ones did which simply tells me that they're using basic heuristics to look.
Why are you so shocked? (Score:5, Interesting)
You think they buy virus scanner software in a Chinese factory? No, these guys cut every corner they can to meet those razor thin profit margins.
Re:Flagged by shit anti-viruses (Score:3, Interesting)
Why invest in more intelligent heuristics and R&D when you could simply invest in fancy popup bubbles and slowing the customer's computer to a crawl with nagware! That's what happens when marketing takes over, folks!
Re:Packer (Score:4, Interesting)
Interesting. What packer would that be?
Note that none of the major commercial scanners... (Score:3, Interesting)
I note that virtually none of the major commercial scanners found anything.
I have trouble believing there's any significant malware that is generally known to the AV industry but is not detected by any of McAfee, Sophos, Symantec or Kaspersky. Particularly when the industry depends so heavily on scaring people into believing they are likely to become infected.
Re:Packer (Score:3, Interesting)
Yes, some virus scanners label anything that is runtime packed as malware, mostly because malware writers have been using packers as a cheap and easy disguise. But c'mon, that's so 2006.
No, that's so previous century. I can remember the same issue with virus scanners in the DOS era, where unpacking may have actually saved some space on floppies and hard disks. With a friend, we had a warning about a virus in many .exe's using a heuristic scan, which turned out to be a popular unpacker. To put this in perspective, this was on a 25 MHz 386 DX, 1 MB internal RAM and a 40 MB hard drive - which cost me my entire holiday savings and then some.
As a funny side note, some DOS utilities like format were labeled "trash programming". I heard this was mostly due to the fact that the floppy disk was so hard to program for.
Re:Were they made by Sony? (Score:3, Interesting)
u3 is a pain in the ass.
I managed to get rid of it though. I believe I killed the process in taskmgr while the stick was mounted, then used diskmgr to remove both partitions and repartition the disk as one full storage device rather than a large portion + a few megs for u3.
Oh and then just make an md5 rule to disallow any more instances of u3 to run so your users can't bring a fresh stick in and screw you up. Of course I'm speaking in windows, so ummv.
Good Luck,
DP