Unwanted Code Takes Advantage of Gifted Digital Devices

In recent postings on their blogs, researchers at Kaspersky, Sans.org and Microsoft said that users should be careful while plugging gadgets received as holiday gifts into their PC and laptops.

According to SANS Internet Storm Center, the company that monitors network threats, in December 2007, there were at least three reports from consumers who unwittingly installed malware onto their systems when they attached to them photo frames - panel displays of small size showing digital pictures - they got as holiday gifts. Each incident related to the same electronic item and the same store, indicating that the products contained infection either during manufacturing or while shipping, said Marcus Sachs, (who volunteers as the director to the Internet Storm Center). The Register reported this on January 11, 2008.

According to CNET's news published on January 7, 2008, Marcus Sachs said that in the past years, such infection-carrying products limited to USB memory sticks and iPods, but now they include GPS devices, digital cameras, external hard drives, and digital photo frames.

During Christmas, Sans.org had started an unofficial investigation following David Goldsmith's receipt of an ADS Digital Photo Frame-8, in which the researcher found that the in-built storage of 128MB contained an executable file named cfhskjn.exe. When Goldsmith tried to run the file, his computer screen displayed multiple error messages.

Many other users have also noticed various storage devices behave unusually. Kaspersky anti-virus unit reports that it bought a Kensington memory card in Nepal that contained a computer virus called Worm.VBS.Small.n. In a second blog of Kaspersky, the company mentions about Victory LT-200, an MP3 audio player that contains the Worm.Win32.Fujack.aa malware.

Sachs said that at the time of the first incident, they thought that the person who might have been otherwise infected blamed the digital photo frame for the infection. But this seems to be malware that probably was not properly detected. So anyone could attach a portable product and get infected with some malware without knowing about its presence, Sachs analyzed, reported The Register.

The incidents highlight that spread of electronic objects having onboard memory implies that consumers need to constantly be wary of threats from unwelcome code playing mischief.

Related article: Unauthorized Patch by Researcher Posts Threat for Microsoft

» SPAMfighter News - 1/22/2008