Saturday, 16 February 2008

Linkage

Were you given a digital photo frame over the holiday?

Did you connect it to your computer?  You may be PWN3D:

An insidious computer virus recently discovered on digital photo frames has been identified as a powerful new Trojan Horse from China that collects passwords for online games - and its designers might have larger targets in mind.
...
The initial reports of infected frames came from people who had bought them over the holidays from Sam's Club and Best Buy.  New reports involve frames sold at Target and Costco, according to SANS, a group of security researchers in Bethesda, Md., who began asking for accounts of infected devices on Christmas Day.
...
...the researchers also found four other, older Trojans on each frame, which may serve as markers for botnets - networks of infected PCs that are remotely controlled by hackers. - San Francisco Chronicle
It's the old autorun game...

Best Buy should have been alert for this kind of stuff already.  The mass merchants (Sam's Club, Target, and Costco) had better learn quickly.

Elsewhere:
SANS Diary:  Digital Hitchhikers
SANS Diary:  Digital Hitchhikers part 2
SANS Diary:  Digital Hitchhikers part 3
SANS Diary:  Digital Hitchhikers part 4  (detailed info on Best Buy/Sams Club product)
SANS Diary:  Insignia Photo Frame Malware Request

Microsoft TechNet:  Island Hopping - the Infectious Allure of Vendor Swag
A Vista®-centric article, but buried within is this scary stuff:
The tools I have discussed so far use U3 (u3.com), a technology designed to enable users to bring programs with them on a flash drive.  In a nutshell, a U3-enabled flash drive lies about itself. It tells the OS that it is actually a USB hub with a flash drive and a CD plugged into it.  Windows® versions prior to Windows Vista® will, by default, automatically run programs designated in the autorun.inf file on CDs, but not on USB drives.  By lying about itself, the U3-enabled USB flash drive fools the OS into autorunning something called the U3 launcher.  The U3 launcher, in turn, can start programs, give you a menu, or do pretty much anything that you could do with the computer yourself.

All the exploit tools do is replace the launcher with the exploit code.  As soon as the flash drive is plugged into a Windows XP system, the exploit tool automatically runs.

Via:  Instapundit

Posted by: Old Grouch in Linkage at 21:12:20 GMT | No Comments | Add Comment
Post contains 387 words, total size 4 kb.

Comments are disabled. Post is locked.
70kb generated in CPU 0.0965, elapsed 0.3919 seconds.
51 queries taking 0.3841 seconds, 207 records returned.
Powered by Minx 1.1.6c-pink.

Search Thingy



Recent Comments

  • Jeyla Lim Drywall art uses accessories, adaptive materials, and drywall textures to create stunning designs an... entry
  • adamschule85 Thanks you for the nice post, i benefit a lot. https://www.cardetailingsaskatoon.com/ entry
  • Lhuna34 Great post! Thanks for sharing! https://www.insulationcoquitlam.com/insulation-replacement-coquit... entry
  • Jax Thank you for sharing your insights! Colorbond Fencing Coomera entry
  • Duong Great stuff! https://www.roofingstjohnsnl.com/ entry

Categories

Archives

Blogroll - m*.nu

Mad Scientist
Ace of Spades HQ
Brickmuppet 2.0
Chizumatic
Confederate Yankee
Cybrludite
Fair Whether
Hold the Mayo
Jawa Report
Kagogi the Destroyer
The Llama Butchers
Not Exactly Rocket Science
Possumblog
Physics Geek
Piratical Practical Penumbra
Protein Wisdom
Rittenhouse
Technicalities
Zaitcev
All the Mee-Nuvians
mu.nu H.Q.

Bloggers I've Met

The Adventures of Roberta X (and)
Assorted Meanderings
BabyTrollBlog
Back Home Again
Bayou Renaissance Man
The Black Sunday Society
The Cancer Ward
Carteach0 (and)
Days of our Trailers
Discordian Thought
Either With It, or On It
Engineering Johnson
Film at 11...
Gun Nuts Media
Hell in a Handbasket
Home On the Range
Hyperbolic Chamber
In the MIDDLE of the RIGHT
JB on the Rocks
Just the Library Keeper...
Keeping The Faith
Listen to Uncle Jay (and)
mike-istan
Mycroft HOLMES 4
Neanderpundit
Nobody Asked Me...
Non-Original Rants
On a Wing and a Whim
The One-Eyed King
Pennsylvania Rifles
Push the Pull Door
Random Associations
Rants of a Fuzzy Curmudgeon
Ready, Fire, Aim, Apologize
Rich’s Garage
self evidence
Self-Sufficient Slacker
Shootin’ the Breeze
ushanka.us
View From The Porch (and)
21/2 Baker Street

Blogroll - elsewhere

Punditry-- Fresh Daily
2.0: The Blogmocracy
Daily News Summary
Bleatage
Screedage
In Rupert’s Embrace
Hi, Hun!
The DiploMad 2.0
Warm Breeze
Icy Rage
Best London Trivia
formerly Chez Chaz
Veranda Visions
Coweta County correspondent
Canis Latrans
Ground Under Contention
Crucis’ Court
Rachel Lucas
Sword Sketched
...or “Me-ish”
Mustela Mumblings
doubleplusundead
Commentary Aggregated
Not THAT One...
Infant Canis lupus
Bookworm Room
Borepatch
David Thompson
Flopping Aces
Gateway Pundit
Just One Minute
Le•gal In•sur•rec•tion
Liberty’s Torch
¡No Pasarán!
Popehat
Doug Ross
Samizdata
Small Dead Animals
Sultan Knish
Transterrestrial Musings
Trotsky’s Children
Rogue Columnist
Obligatory Blogfather

The Blair
Diaspora Project
 

Storied Valhalla, of Ghosts and Memories
----------
Blair Himself
Andrea Harris
Gavin Atkins
Jules Crittenden
Paco Enterprises
J.F. Beck
Zoe Brain
Richard McEnroe
Bunyipitude
El Campeador’s Weblog
Carol’s Closet
Kae’s Bloodnut Blog
kc
missred
Mythusmage
Nilknarf Arbed
Steve at the Pub
SwampWoman
Boy on a bike
Coalition of the Swilling
The Currency Lad
Dogfight at Bankstown
et cetera
The Thin Man Returns
StraightShooters
The Tizona Group
Will Type For Food

Watching
the Government
 

Shadow Government Statistics
Sunlight Foundation
Landmark Legal Foundation

Watching
the Campus
 

Center for the American University
The Pope Center

Watching the Left
 

DiscoverTheNetworks.org

Watching the Press

Open Europe’s Daily Press Summary
EuroSavant
Biased BBC
Buzzmachine
NewsBusters
Don Surber
Newsosaur
Newspaper Death Watch
Page Nine
smartertimes.com
------
the “JournOListas” List

Anybody
remember radio?
 

JacoBlog
Radio Survivor
------
Radio Discussions
BE’s Virtual Engineer
RadioInsight
RadioInsight Community
------
AmericanRadioHistory.com
Indiana Radio Archive

Good Folks

Wildrun
ARPO
Indy Feral
Southside Animal Shelter
Wendy’s Feline Friends
Black Cat Rescue
Rags to Riches Rescue
Feline Rescue, Inc.


Girl Genius online
Evil Mad Scientist Laboratory
Carnival of the Cats
Free Lossless Audio Codec
Lindsay Technical Books

Useful stuff

Get Yer Own Blog
Link federal legislation
Copyright and Fair Use
Build Your Own PC: 1 2 3 4
...and then de-virus it
Network Neutrality papers
Defeat Censorware
VintageMachinery.org
Fully Informed Jury Association
How anti-SLAPP Statutes Work
The Internet Arguing Checklist
Seven Stages of Liberal Legal Activism
Freedom in the 50 States
The DHS Suspicious Words List
Dreadful Phrases
BB Code Examples
“Lorem ipsum” for you!
Tech Support Cheat Sheet
Test Card
Things Women Will
    Never Understand About Men
Life Lessons from the Three Stooges
Weather Radar (East Central)
timeanddate.com

Think About It

The Three Conjectures
The “Jews In the Attic” Test
America’s Ruling Class
Who Goes Nazi?
Kafkatrapping
9/11 Recollections
Reynolds’ Law
Central Planning, Home Edition
The Easier-For-Them Association
Robert Peel’s 9 Principles

Monthly Traffic

  • Pages: 5892
  • Files: 1359
  • Bytes: 500.9M
  • CPU Time: 9:49
  • Queries: 265526

Content

  • Posts: 2481
  • Comments: 2212

Feeds


RSS 2.0 Atom 1.0


RIPA (U.K.) NOTICE: NO CONSENT is given for interception of page transmission.