ChristiansUnite Forums

Entertainment => Computer Hardware and Software => Topic started by: Soldier4Christ on February 17, 2008, 01:17:21 PM



Title: Virus from China the gift that keeps on giving
Post by: Soldier4Christ on February 17, 2008, 01:17:21 PM
Virus from China the gift that keeps on giving

An insidious computer virus recently discovered on digital photo frames has been identified as a powerful new Trojan Horse from China that collects passwords for online games - and its designers might have larger targets in mind.

"It is a nasty worm that has a great deal of intelligence," said Brian Grayek, who heads product development at Computer Associates, a security vendor that analyzed the Trojan Horse.

The virus, which Computer Associates calls Mocmex, recognizes and blocks antivirus protection from more than 100 security vendors, as well as the security and firewall built into Microsoft Windows. It downloads files from remote locations and hides files, which it names randomly, on any PC it infects, making itself very difficult to remove. It spreads by hiding itself on photo frames and any other portable storage device that happens to be plugged into an infected PC.

The authors of the new Trojan Horse are well-funded professionals whose malware has "specific designs to capture something and not leave traces," Grayek said. "This would be a nuclear bomb" of malware.

By studying how the code is constructed and how it's propagated, Computer Associates has traced the Trojan to a specific group in China, Grayek said. He would not name the group.

The strength of the malware shows how skilled hackers have become and how serious they are about targeting digital devices, which provide a new frontier for stealing information from vast numbers of unwary PC owners. More than 2.26 million digital frames were sold in 2007, according to the Consumer Electronics Association, and it expects sales to grow to 3.26 million in 2008.

The new Trojan also has been spotted in Singapore and the Russian Federation and has 67,500 variants, according to Prevx, a security vendor headquartered in England.

Grayek said Mocmex might be a test for some bigger attack, because it's designed to capture any personal, private or financial information, yet so far it's only stealing passwords for online games.

"If I send you a package but it doesn't explode, why did I send it?" he said. "Maybe I want to see if I can get it out to you and how you open it."

The initial reports of infected frames came from people who had bought them over the holidays from Sam's Club and Best Buy. New reports involve frames sold at Target and Costco, according to SANS, a group of security researchers in Bethesda, Md., who began asking for accounts of infected devices on Christmas Day. So far the group has collected more than a dozen complaints from people across the country.

The new Trojan isn't the only piece of malware involved. Deborah Hale of SANS said the researchers also found four other, older Trojans on each frame, which may serve as markers for botnets - networks of infected PCs that are remotely controlled by hackers.

There is W32.Rajump, which deposits the same piece of malware that infected some of Apple's video iPods during manufacturing in October 2006. It gathers Internet Protocol addresses and port numbers from infected PCs and ships them out, according to Symantec. One destination is registered to a service in China that allows people to conceal their own IP addresses.

Then there is a generic Trojan; a Trojan that opens a back door on PCs and displays pop-up ads; and a Trojan that spreads itself through portable devices like Mocmex does.

How all this malware got onto the photo frames and what it's doing there is unclear. Trojans can download other Trojans, which is part of how botnets are controlled.

While SANS is investigating the infections, the retailers are saying little.

Sam's Club said it has found no infected frames, and its distributor, Advanced Design Systems, did not return calls seeking comment.

A few Target customers complained about frames distributed by Uniek, a store spokesman confirmed. Target is no longer selling those frames, but that's because the frames didn't sell well over the holidays, he said. Target has found no infections, he said, but is watching for them.

Best Buy said one line of its Insignia frames - also now discontinued - was infected during manufacturing but would not provide details.

Costco did not return calls seeking comment.

How to avoid problems

Protecting against these new computer viruses, which so far are aimed at PCs running Windows, is hard - and sometimes impossible.

Updated antivirus software works unless the malware writers get ahead of the antivirus vendors, which is what happened with the new Trojan. Computer Associates, for example, just began protecting against it last week.

While some advise disabling Autorun in Windows, which allows devices to run automatically when they're plugged into a USB port, it's not a failsafe. Doing so requires some computer expertise, and this Trojan re-enables Autorun if it's turned off, according to Brian Grayek of Computer Associates. "If you plug in (the frame), you're already infected," he said.

Deborah Hale at SANS suggested that PC users find friends with Macintosh or Linux machines and have them check for malware before plugging any device into a PC.

She also recommended backing up data with an online service such as Mozy.com that offers free backup for home users with less than 2 gigabytes of data. But it does not back up the operating system, she warned. If you're attacked and your PC fails, you'll have to reformat and reload all of the programs.

If you think you bought an infected device, e-mail SANS at info@sans.org and call your retailer.

-- Best Buy: (877) 467-4289

-- Sam's Club: (888) 746-7726

-- Target: (800) 591-3869

-- Costco: (800) 955-2292
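
An added example, not part of the original post or the article it quotes: one way to carry out the check suggested above on a Linux or Mac machine, where Windows Autorun does not fire. It assumes the device shows up as ordinary mounted storage and looks only at the standard `autorun.inf` launch keys (`open`, `shellexecute`, `shell\<verb>\command`); the sample file and program names are constructed.

```python
import os
import tempfile

LAUNCH_KEYS = ("open", "shellexecute")  # [autorun] keys that start a program
SAMPLE = r"""; constructed sample, file and program names are made up
[AutoRun]
junk line without an equals sign
open = photoviewer.exe /auto
shell\explore\command=photoviewer.exe
icon=frame.ico
[Other]
open=ignored.exe
"""

def parse_autorun(text):
    """Return (key, command) pairs that would launch a program."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            is_verb = key.startswith("shell\\") and key.endswith("\\command")
            if value and (key in LAUNCH_KEYS or is_verb):
                found.append((key, value))
    return found

def scan_volume(root):
    """Report launch entries in any top-level autorun.inf under root."""
    findings = []
    for name in os.listdir(root):
        if name.lower() != "autorun.inf":
            continue
        with open(os.path.join(root, name), encoding="latin-1") as fh:
            entries = parse_autorun(fh.read())
        for key, cmd in entries:
            parts = cmd.strip('"').split()
            target = parts[0].replace("\\", "/") if parts else ""
            findings.append({"file": name, "key": key, "command": cmd,
                             "target_present": os.path.isfile(os.path.join(root, target))})
    return findings

def demo():
    """Scan a throwaway directory standing in for the mounted device."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AUTORUN.INF"), "w") as fh:
            fh.write(SAMPLE)
        open(os.path.join(root, "photoviewer.exe"), "wb").close()
        return scan_volume(root)
```

Call `scan_volume()` with the device's mount point; any entry it returns names a program Windows would be asked to start when the device is plugged in with Autorun enabled.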


Title: Re: Virus from China the gift that keeps on giving
Post by: nChrist on February 17, 2008, 05:51:44 PM
;D   I'll just have to claim ignorance and say that I don't know what these photo frames are. Of course, I just recently found out what an iPod is, so I'm not very informed about all the new and high technology gadgets and software.

My first thought was that everyone has family pictures, so maybe someone is selling software that will place a frame around those pictures. However, I'm going to guess that I don't understand this at all.   ;)

I use nothing but Linux Ubuntu now, and I don't regret the change. The file structure and permissions of each individual file make them difficult targets for the plague of things that hit the Windows Operating system. The Linux file system makes a ton of common sense. Everything works on a graduated system of permissions to use each and every single file on the entire computer. So, the virus, trojan, worm, etc. must fit the permission settings to access a file. On Linux, there is an unlimited number of ways to specify permissions, including encrypted ways. I haven't experimented with encrypted methods yet, but there is a Linux Ubuntu version that is completely encrypted from the start.

Normal levels of permissions involve:

Root
Administrator
Owner
Owner's Group
Other

It's important to note that there are lengthy lists of permissions that can be installed quite easily. The above represents a most simple example. In the case of an encrypted Linux System, there would be an Encrypted Key to access the permissions listed above and more. Without the proper Encryption Key, no access would be given. Even without encryption, Linux is MUCH more secure and makes excellent common sense. There are also permissions within permissions, and examples of these are:

Read Only
Read and Write
Modify
Delete
Execute

This is just a brief of permissions, but you could easily see that there could be a massive number of combinations without encryption. With encryption, the number of permissions would be astronomical.

Before I forget it, would someone please tell me what a photo frame is like the one transmitting the virus from China? Thanks in advance. --- Non-Geek


Title: Re: Virus from China the gift that keeps on giving
Post by: Rhys on February 17, 2008, 06:42:07 PM
The photo frames allow you to upload photos from your PC which they then display. They look quite like a normal framed photograph and can be hung on the wall or put on a shelf, but the pictures can be changed or even change automatically at intervals.


Title: Re: Virus from China the gift that keeps on giving
Post by: Soldier4Christ on February 17, 2008, 07:39:45 PM
These are digital photo frames as brother Rhys has said. Some of the digital photo frame programs allow you to give a picture a more elegant professional look like a faded edge that brings more attention to the subject(s) in the photo. Best Buy is one company that has admitted to selling one of these software packages and since then has pulled it off their shelf. Theirs was a pretty detailed program that allowed you to do much more than place a simple frame around the picture. One of the many functions it had was to allow you to put the picture frame on your desktop and would change the picture according to settings you gave it sort of like a screen saver.



Title: Re: Virus from China the gift that keeps on giving
Post by: nChrist on February 18, 2008, 12:18:13 AM
Thanks Brothers!

I have a good idea what this is now. I haven't heard of this and don't have anything like it. The closest thing I might have had when I had Windows was a program to help you make photo albums to share with other family members. The main functions were resizing, grouping, and labeling - and I think it was freeware from Adobe. I've also seen several simple programs that make slide-shows out of family pictures and they can be the screen saver. However, I don't remember anything about frames, so this must be something new. I think that I'll just be glad that I didn't try something like this.


Title: Re: Virus from China the gift that keeps on giving
Post by: Pizza_Mahal on February 19, 2008, 07:32:59 AM
I guess I won't play Maplestory for a little while.