Open Photography Forums  

#1
February 15th, 2008, 10:11 PM
Asher Kelman
OPF Owner/Editor-in-Chief

Malicious Picture Frames from China: Did you get one?

From sfgate.org we hear of the "Virus from China, the gift that keeps on giving."



A new Trojan horse virus collects passwords, currently just game passwords but could take anything from your hard drives! Computer Associates named this sophisticated virus Mocmex and this is immune to more than 100 antivirus protocols. Microsoft security in Windows and its firewall are of no defense!

The PC computers that get infected (via a CF or other card) pull in and hide files from everywhere and rename them. This seems to have originated in a specific group in China.

Since it is not really very malicious right now, it may simply be a test on a massive scale to learn how it propagates.

"Updated antivirus software works unless the malware writers get ahead of the antivirus vendors, which is what happened with the new Trojan. Computer Associates, for example, just began protecting against it last week."

My suggestion: if you must use a digital Picture Frame, never connect it to your PC or Mac, just do a one way last use sacrifice of a cheap CF or SD card.

Asher

#2
February 18th, 2008, 01:30 PM
Colleen Vermillion
Member

Quote:
Originally Posted by Asher Kelman
A new Trojan horse virus collects passwords, currently just game passwords but could take anything from your hard drives! Computer Associates named this sophisticated virus Mocmex and this is immune to more than 100 antivirus protocols. Microsoft security in Windows and its firewall are of no defense!

Does anyone have a link to an actual Computer Associates report? I see this story all over the blogs and forums and it's been picked up by a couple of regional news sources, but I don't see anything from the CA site directly (http://ca.com/us/securityadvisor/) and I don't see anything from the national news sources. I'm a little skeptical and not entirely sure that there isn't some social engineering going on here rather than a real attack. There are people out there that are not entirely thrilled that China is hosting the Olympics and since I'm in a tinfoil hat mood I wouldn't entirely rule out some attempts being made to embarrass the Chinese government prior to the games. On the other hand the most current news on CA's site is from the 12th....

Collecting the game passwords could be the entire purpose of the virus. Selling game items and virtual money is a huge industry in China (among other places) and against the service terms of most online games. The gold farmers (as they're called) can use those passwords to clean out all the good items from the account, then use that account to advertise their services in the game, which usually results in the account and the credit card it was subscribed with being banned from the game. Many of the gold farmer groups are also involved in other illegal activities like credit card fraud; they are very organized and skilled with computers, so I wouldn't put a virus of this sort past them.

Regardless, the trojan copies itself to any portable storage connected to the computer, not just picture frames. The defense against malware that the antivirus software can't detect is to always run in a limited user account that can't make changes to your system files or the root of your system disk, don't click "yes" on any dialog that you weren't expecting and don't understand exactly what it's doing, and to keep a current backup of your system.

-Colleen

#3
February 20th, 2008, 06:03 PM
Colleen Vermillion
Member

Full report

Just an update - Computer Associates published their report on this virus the other day:

http://www.ca.com/us/securityadvisor....aspx?id=68701

All times are GMT -7.


Posting images or text grants license to OPF, yet of such remain with its creator. Still, all assembled discussion 2006-2017 Asher Kelman (all rights reserved) Posts with new theme or unusual image might be moved/copied to a new thread!