25.12.07

New Hardware contains Virus/Malware

This is another report of buying NEW Hardware with Virus/Malware pre-installed on it.
So lets see now......We have HD's with them, We have USB sticks with them, and now the Digital Picture Frame.[Which I still think are cool.] I'm sure there are many other devices out in the Wild we don't know about. I mean if some of these things happened on your Box, would you suspect the New Hardware of installing or having installed it??
My Question is: Who is doing this, and why.
Well the who seems fairly easy. Correct me if I'm wrong. The who is China. I say this due to the fact most of these types of electronics and damn near everything else comes from them. Under the Direction of whom is all together another Question.
Is this another way to prepare for the coming 'CYBER WARS'?
Infect and control as much as possible before your adversary has a chance.
Sounds about right in War strategy.
------------------------------------

Digital Hitchhikers

Published: 2007-12-25,
Last Updated: 2007-12-25 23:24:44 UTC
by David Goldsmith (Version: 1)
http://isc.sans.org/diary.html?storyid=3787

We received a report this afternoon from someone who had recently received a digital picture frame. Unfortunately, it had a extra component with it. The built-in storage came with what appears to be some malware already loaded on it -- a file called 'cfhskjn.exe' was on it when unpacked.

Some of the behavior seen when the digital picture frame was connected to the computer was:

* MSCONFIG would not run - it would briefly open and then terminate
* The system would blue screen when starting in safe mode
* Going to various anti-virus websites would result in the web browser terminating
* Various popups for random name.exe "with 'not valid image' messages

This specific product was an "ADS Digital Photo Frame - 8" (sold by Sam's Club - see http://www.samsclub.com/shopping/navigate.do?dest=5&item=368725) but this type of infection can, and has affected other portable devices with internal storage.

Kaspersky has a blog entry 'Adventures at altitude' (see http://www.viruslist.com/en/weblog?discuss=208187471&return=1) about one of their employees who bought a Kingston CF memory card that came with a virus on it.

Whether its a picture frame, a digital camera or any USB, CF, SD, etc memory card, the portable nature of these devices dredges up of memories of all the floppy boot viruses we used to have to deal with. [ What's a 'floppy disk' you ask? ;-) ]

Care should be taken when attaching storage devices to your computer to ensure you scan them for possible malware and handle them in as secure a fashion as is possible.

David Goldsmith (dgoldsmith -at- sans.org)

2 comments:

Brian said...

Did anyone else get this or was this one reported case? My parents got me this for Christmas but if this is on every single unit, I'll return it pronto.

Ed said...

@Brian

I really don't know. I will say that if your computer is experiencing/having any of the problems mentioned, you should try and find the cause. So many bad things out there could cause the same problems. Are you having computer problems after using this device, if so please share so others will have an Idea.

Thanks for stopping by,
Ed
12/28/07