
Virus warning - Digital Hitchhikers!



Posted by: Spunner

Digital Hitchhikers
Quote:
Published: 2007-12-25,
Last Updated: 2007-12-25 23:24:44 UTC
by David Goldsmith (Version: 1)

We received a report this afternoon from someone who had recently received a digital picture frame. Unfortunately, it had an extra component with it. The built-in storage came with what appears to be some malware already loaded on it -- a file called 'cfhskjn.exe' was on it when unpacked.

Some of the behavior seen when the digital picture frame was connected to the computer was:

* MSCONFIG would not run - it would briefly open and then terminate
* The system would blue screen when starting in safe mode
* Going to various anti-virus websites would result in the web browser terminating
* Various popups for random name.exe with 'not valid image' messages

This specific product was an "ADS Digital Photo Frame - 8" (sold by Sam's Club - see http://www.samsclub.com/shopping/na...t=5&item=368725) but this type of infection can, and has, affected other portable devices with internal storage.

Kaspersky has a blog entry 'Adventures at altitude' (see http://www.viruslist.com/en/weblog?...187471&return=1) about one of their employees who bought a Kingston CF memory card that came with a virus on it.

Whether it's a picture frame, a digital camera or any USB, CF, SD, etc memory card, the portable nature of these devices dredges up memories of all the floppy boot viruses we used to have to deal with. [ What's a 'floppy disk' you ask? ;-) ]

Care should be taken when attaching storage devices to your computer to ensure you scan them for possible malware and handle them in as secure a fashion as is possible.

David Goldsmith (dgoldsmith -at- sans.org)


Part Two: http://isc.sans.org/diary.html?storyid=3807
Part Three: http://isc.sans.org/diary.html?storyid=3817
The moral of this story: Have an antivirus running.

You can also avoid this by disabling autorun on your computer. See: http://windowssecrets.com/2007/11/0...AutoRun-attacks and read all the way through.

It will mean that your CDs etc won't autorun, but as Bruce Schneier says, "Security is all about trade-offs." If you need to run the autorunning program, you can double-click on autorun.inf, and read what program should be run and run it yourself. Usually it will be SETUP.EXE.



Posted by: golddust

Great information Spunner, thanks!



Posted by: Spunner

NP. Since many people got such items for Christmas I thought I'd get the word out as soon as I read it.

I just hope it's not too late for everyone.

The autorun disable tip would be good for everyone to do. Make sure you know what software is being run on your computer.



Posted by: Spunner

Just changed the title so people know what I'm talking about..



Posted by: forwardone

Thanks for the report, it's always wise to try to get one step ahead of these scum.



Posted by: Spunner

And for those who don't want to take the time to disable autorun, just hold down Shift whenever you plug in an unknown device.

Yes, that includes iPods.



