
URGENT - Virus discovered on digital photo frames

rondon, 02-18-2008, 09:33 PM

Hi Ron,

Please pass this along to anyone you know with a digital picture frame that connects to a PC via USB. I have one, but I use a USB stick to load the photos. I thought it may be of interest to the photo-editing sites you frequent.


-------- Original Message --------

Virus from China the gift that keeps on giving
Deborah Gage, Chronicle Staff Writer

Friday, February 15, 2008

An insidious computer virus recently discovered on digital photo frames has been identified as a powerful new Trojan Horse from China that collects passwords for online games - and its designers might have larger targets in mind.

"It is a nasty worm that has a great deal of intelligence," said Brian Grayek, who heads product development at Computer Associates, a security vendor that analyzed the Trojan Horse.

The virus, which Computer Associates calls Mocmex, recognizes and blocks antivirus protection from more than 100 security vendors, as well as the security and firewall built into Microsoft Windows. It downloads files from remote locations and hides files, which it names randomly, on any PC it infects, making itself very difficult to remove. It spreads by hiding itself on photo frames and any other portable storage device that happens to be plugged into an infected PC.

The authors of the new Trojan Horse are well-funded professionals whose malware has "specific designs to capture something and not leave traces," Grayek said. "This would be a nuclear bomb" of malware.

By studying how the code is constructed and how it's propagated, Computer Associates has traced the Trojan to a specific group in China, Grayek said. He would not name the group.

The strength of the malware shows how skilled hackers have become and how serious they are about targeting digital devices, which provide a new frontier for stealing information from vast numbers of unwary PC owners. More than 2.26 million digital frames were sold in 2007, according to the Consumer Electronics Association, and it expects sales to grow to 3.26 million in 2008.

The new Trojan also has been spotted in Singapore and the Russian Federation and has 67,500 variants, according to Prevx, a security vendor headquartered in England.

Grayek said Mocmex might be a test for some bigger attack, because it's designed to capture any personal, private or financial information, yet so far it's only stealing passwords for online games.

"If I send you a package but it doesn't explode, why did I send it?" he said. "Maybe I want to see if I can get it out to you and how you open it."

The initial reports of infected frames came from people who had bought them over the holidays from Sam's Club and Best Buy. New reports involve frames sold at Target and Costco, according to SANS, a group of security researchers in Bethesda, Md., who began asking for accounts of infected devices on Christmas Day. So far the group has collected more than a dozen complaints from people across the country.

The new Trojan isn't the only piece of malware involved. Deborah Hale of SANS said the researchers also found four other, older Trojans on each frame, which may serve as markers for botnets - networks of infected PCs that are remotely controlled by hackers.

There is W32.Rajump, which deposits the same piece of malware that infected some of Apple's video iPods during manufacturing in October 2006. It gathers Internet Protocol addresses and port numbers from infected PCs and ships them out, according to Symantec. One destination is registered to a service in China that allows people to conceal their own IP addresses.

Then there is a generic Trojan; a Trojan that opens a back door on PCs and displays pop-up ads; and a Trojan that spreads itself through portable devices like Mocmex does.

How all this malware got onto the photo frames and what it's doing there is unclear. Trojans can download other Trojans, which is part of how botnets are controlled.

While SANS is investigating the infections, the retailers are saying little.

Sam's Club said it has found no infected frames, and its distributor, Advanced Design Systems, did not return calls seeking comment.

A few Target customers complained about frames distributed by Uniek, a store spokesman confirmed. Target is no longer selling those frames, but that's because the frames didn't sell well over the holidays, he said. Target has found no infections, he said, but is watching for them.

Best Buy said one line of its Insignia frames - also now discontinued - was infected during manufacturing but would not provide details.

Costco did not return calls seeking comment.

How to avoid problems
Protecting against these new computer viruses, which so far are aimed at PCs running Windows, is hard - and sometimes impossible.

Updated antivirus software works unless the malware writers get ahead of the antivirus vendors, which is what happened with the new Trojan. Computer Associates, for example, just began protecting against it last week.

While some advise disabling Autorun in Windows, which allows devices to run automatically when they're plugged into a USB port, it's not a failsafe. Doing so requires some computer expertise, and this Trojan re-enables Autorun if it's turned off, according to Brian Grayek of Computer Associates. "If you plug in (the frame), you're already infected," he said.

Deborah Hale at SANS suggested that PC users find friends with Macintosh or Linux machines and have them check for malware before plugging any device into a PC.

She also recommended backing up data with an online service such as that offers free backup for home users with less than 2 gigabytes of data. But it does not back up the operating system, she warned. If you're attacked and your PC fails, you'll have to reformat and reload all of the programs.

If you think you bought an infected device, e-mail SANS at and call your retailer.

-- Best Buy: (877) 467-4289

-- Sam's Club: (888) 746-7726

-- Target: (800) 591-3869

-- Costco: (800) 955-2292

E-mail Deborah Gage at

DannyRaphael, 02-26-2008, 10:59 PM

Wow... this is not a good sign.

Just got around to reading this. Everyone should.

Thanks a bunch for the info.

denschneider, 02-27-2008, 06:01 AM

Here is a link with a little more info if anyone thinks they may be infected

Gary Richardson, 02-28-2008, 02:38 AM

For anyone who thinks they have one of these Autorun viruses, they are best removed by trained personnel (the infection will block the running of many Anti-Virus and Anti-Spyware Programs). Both your computer, and any USB memory devices will need to be cleaned if re-infection is not to happen.

In the library you will find a list of sites that supply that kind of service free.
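
Added example, not part of the thread or the quoted article: a read-only Python check, meant for the Mac or Linux machine Deborah Hale suggests, that lists what a photo frame or USB stick would ask Windows Autorun to launch. It relies on Autorun reading an autorun.inf file in the drive's root directory; the function names and the sample volume built in demo() are constructed for illustration.

```python
import os
import tempfile

LAUNCH_KEYS = ("open", "shellexecute")  # [autorun] keys that start a program
RUNNABLE_EXT = (".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs")

def launch_commands(inf_path):
    """Return (key, command) pairs from the [autorun] section that run code."""
    found, in_section = [], False
    with open(inf_path, "r", encoding="latin-1") as fh:  # latin-1 never fails to decode
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith(";"):
                continue
            if line.startswith("["):
                in_section = line.lower() == "[autorun]"
                continue
            if in_section and "=" in line:
                key, value = (part.strip() for part in line.split("=", 1))
                key = key.lower()
                is_verb = key.startswith("shell\\") and key.endswith("\\command")
                if key in LAUNCH_KEYS or is_verb:
                    found.append((key, value))
    return found

def inspect_volume(root):
    """Read-only check of a mounted volume's root directory; nothing is executed."""
    names = os.listdir(root)
    inf = next((n for n in names if n.lower() == "autorun.inf"), None)
    return {
        "autorun_inf": inf,
        "commands": launch_commands(os.path.join(root, inf)) if inf else [],
        "runnable_files": sorted(n for n in names if n.lower().endswith(RUNNABLE_EXT)),
    }

def demo():
    """Inspect a constructed sample volume built in a temporary directory."""
    sample = ("; constructed sample, not taken from a real device\n"
              "[AutoRun]\nopen=viewer.exe /s\nicon=frame.ico\n"
              "shell\\open\\command=viewer.exe\n")
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AutoRun.inf"), "w") as fh:
            fh.write(sample)
        open(os.path.join(root, "VIEWER.EXE"), "wb").close()
        open(os.path.join(root, "photo1.jpg"), "wb").close()
        return inspect_volume(root)

if __name__ == "__main__":
    print(demo())
```

Point inspect_volume() at the mount point of the device; a photo frame that carries an autorun.inf with launch commands, or runnable files next to the pictures, should not be plugged into a Windows PC until it has been cleaned.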

rondon, 02-28-2008, 10:44 PM

Wow... this is not a good sign.

I was thinking along those lines. Sort of like a deer caught in the headlights. Riveting and dangerous.
Not just because this one has a lot of potential but you have to wonder if there are undiscovered similar threats in other products.
No doubt our leaders lament the straightforward trench warfare of “The Great War”.
I’ve been curious about the 3 undersea cable cuttings recently; it does show a weakness for the offshoring system that has cut a lot of payroll in the client-country.
Maybe that was a test by the bad guys too.