
Malicious Picture Frames from China: Did you get one?

Asher Kelman

OPF Owner/Editor-in-Chief
From sfgate.org we hear of the "Virus from China, the gift that keeps on giving."



A new Trojan horse virus collects passwords, currently just game passwords but could take anything from your hard drives! Computer Associates named this sophisticated virus Mocmex and this is immune to more than 100 antivirus protocols. Microsoft security in Windows and its firewall are of no defense!

The PC computers that get infected (via a CF or other card) pull in and hide files from everywhere and rename them. This seems to have originated in a specific group in China.

Since it is not really very malicious right now, it may simply be a test on a massive scale to learn how it propagates.

"Updated antivirus software works unless the malware writers get ahead of the antivirus vendors, which is what happened with the new Trojan. Computer Associates, for example, just began protecting against it last week."

My suggestion: if you must use a digital Picture Frame, never connect it to your PC or Mac, just do a one way last use sacrifice of a cheap CF or SD card.

Asher
 
A new Trojan horse virus collects passwords, currently just game passwords but could take anything from your hard drives! Computer Associates named this sophisticated virus Mocmex and this is immune to more than 100 antivirus protocols. Microsoft security in Windows and its firewall are of no defense!

Does anyone have a link to an actual Computer Associates report? I see this story all over the blogs and forums and it's been picked up by a couple of regional news sources, but I don't see anything from the CA site directly (http://ca.com/us/securityadvisor/) and I don't see anything from the national news sources. I'm a little skeptical and not entirely sure that there isn't some social engineering going on here rather than a real attack. There are people out there that are not entirely thrilled that China is hosting the Olympics and since I'm in a tinfoil hat mood I wouldn't entirely rule out some attempts being made to embarrass the Chinese government prior to the games. On the other hand the most current news on CA's site is from the 12th....

Collecting the game passwords could be the entire purpose of the virus. Selling game items and virtual money is a huge industry in China (among other places) and against the service terms of most online games. The gold farmers (as they're called) can use those passwords to clean out all the good items from the account, then use that account to advertise their services in the game, which usually results in the account and the credit card it was subscribed with being banned from the game. Many of the gold farmer groups are also involved in other illegal activities like credit card fraud; they are very organized and skilled with computers, so I wouldn't put a virus of this sort past them.

Regardless, the trojan copies itself to any portable storage connected to the computer, not just picture frames. The defense against malware that the antivirus software can't detect is to always run in a limited user account that can't make changes to your system files or the root of your system disk, don't click "yes" on any dialog that you weren't expecting and don't understand exactly what it's doing, and to keep a current backup of your system.

-Colleen
 