Sophisticated virus in digital photo frames

Surely a digital photo frame ought to be a safe gift, even to unsophisticated computer users? Think again.

Best Buy has revealed that an unknown number of digital photo frames it sold recently contained a sophisticated computer virus. There have been many stories about it. The San Francisco Chronicle article by Deborah Gage is pretty good.

"It is a nasty worm that has a great deal of intelligence," said Brian Grayek, who heads product development at Computer Associates, a security vendor that analyzed the Trojan Horse.

The virus, which Computer Associates calls Mocmex, recognizes and blocks antivirus protection from more than 100 security vendors, as well as the security and firewall built into Microsoft Windows. It downloads files from remote locations and hides files, which it names randomly, on any PC it infects, making itself very difficult to remove. It spreads by hiding itself on photo frames and any other portable storage device that happens to be plugged into an infected PC.

The authors of the new Trojan Horse are well-funded professionals whose malware has "specific designs to capture something and not leave traces," Grayek said. "This would be a nuclear bomb" of malware.

By studying how the code is constructed and how it's propagated, Computer Associates has traced the Trojan to a specific group in China, Grayek said. He would not name the group.

The strength of the malware shows how skilled hackers have become and how serious they are about targeting digital devices, which provide a new frontier for stealing information from vast numbers of unwary PC owners.

See also this earlier article by Deborah.

Back in the days of floppy disks, cautious PC users always scanned any incoming floppy for viruses. But now we've gotten lazy, and plug in thumb drives, cameras, and picture frames without any thought that they may be carriers of malware. And some of us will pay dearly for this thoughtlessness.