Skip to content

Culprits (Not) Framed

EARLIER THIS YEAR, a picture of the current state of malware came from a surprising source—digital photo frames. Several computer virus infections were traced to the devices, which had connected to PCs via USB, showing that malware can exist in virtually any memory-bearing device.

The discovered Trojan Horse, called Mocmex, was found to have originated from several 10.4-inch devices from the frame-maker Insignia. They were reportedly purchased at Best Buy, which, along with Insignia, has issued a recall.

Once insinuated on Windows machines, the bug’s effects included blocking antivirus (AV) software and access to AV sites; downloading files, randomly naming them, and hiding them on infected computers; and generating blue screens on start-up, according to the antivirus firm Sophos. The malware aimed to capture passwords, sending them back across the Web.

Similar problems have been found in other memory-containing devices in recent years. A number of TomTom GPS navigational systems were found to contain a pre-installed virus in early 2007. In late 2006, Apple acknowledged that a relatively small number of iPods had been shipped with a malicious file.

Both consumers and businesses need to be more cautious about the growing number of gadgets containing computer chips, according to analysts. With so much attention focused on the possibility of contracting malware from networked business devices, gadget-related threats have largely gone unnoticed.

“It’s a great way to spread viruses,” says Avivah Litan, vice president and analyst at Gartner, speaking of the picture frames. “Companies are not prepared for viruses from trusted applications.”

Companies can protect themselves in numerous ways. “Everything plugged in should be scanned with antivirus software,” says Litan.

That’s not routinely done, however. Most AV products do not automatically scan USB drives and other plug-ins, according to analysts.

Organizations with automatic-scanning capability should take advantage of it, says Litan. Lacking this capacity, organizations can use other measures. These could include locking down USB drives or asking employees to manually scan plugins after their insertion.

A growing number of AV products have versions that a user can download directly onto flash drives to ensure that the drives won’t transmit a virus.

Frequent patching is also important, adds Litan. A growing number of organizations are also using behavioral-analysis applications, she says. An example is host-based intrusion prevention systems (HIPS). Working on top of traditional firewalls and antivirus products, HIPS reside on individual computers. Using heuristic-based detection, they monitor for system changes that could result from as yet-undiscovered malware.

How and why the bug got on the picture frames isn’t precisely known. According to Insignia’s Web site, it was “during the manufacturing process.”

Brian Grayek, who heads product development at technology services firm CA, Inc., says he sees several possibilities. One possible cause is that the devices “caught” the malware from an infected factory machine. Another is that the infection was caused—either on purpose or inadvertently—by someone in manufacturing quality control. Another is that the bugs were added during shipment to the United States.

The exact reason for the TomTom infections was never discovered either. But at the time, TomTom International BV said that all the infected systems were manufactured in the same week.

Grayek places the onus on U.S. resellers. “If I were the retailers selling the frames, I’d tell the manufacturer that if it happens again, we’ll stop doing business with you.”