Digital Picture Frames with malware

Now you also have to be careful when you buy digital picture frames. There have been numerous reports of some of these devices being infected with a virus. When you put in a photo memory card it installs a trojan onto the card. Then later, if you put the card into your computer it can install the trojan onto the computer.

It then tries to stop any anti-virus system the computer may have and then starts stealing passwords. Pretty serious stuff.

And it seems the digital picture frames came from the factory with this already installed. No one had tampered with the devices beforehand. This has been happening to quite a few digital gadgets such as MP3 players.

A good anti-virus system will detect this and prevent itself from being disabled, so if you haven’t already done so, invest in one. And if you come across such a device, have a chat with the store you bought it from; it’s possible they have no idea it’s happening.

Update (26 Jan 08): Best Buy were selling these devices with the brand name Insignia. They’ve just realised and have taken them off the shelf and are trying to contact customers who bought them.

Photo Gallery Downloads

This isn’t a new trick but scammers still try it. An email is sent telling the story of a tragic accident that’s happened (e.g. a nuclear meltdown in some city). There’s a link to a website with photos. It seems interesting except you’re asked to download a plugin (or codec) to view the photos.

You don’t need any plugins or codecs to view photos. And more importantly, the story about a nuclear meltdown or whatever other large disaster they think of is most probably false.

Be very cautious of anything that asks you to download a plugin or codec. It’s almost always not worth the effort and it’s almost always malware of some sort.

Valentine’s Day Malware Reminder

As with every festive event Valentine’s Day brings a whole new wave of malware. Emails are already being sent around the internet carrying dangerous attachments. While the subject keeps changing, the more common attachments seen so far are:

  • withlove.exe
  • with_love.exe
  • Greeting card.exe
  • love_me.exe
  • porno_03.exe
  • valsday.exe

Never open attachments that end with .exe. Unless you’ve specifically asked someone to send you a file with that exact name, it’s almost certainly malware. Delete it.
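The rule above can be checked automatically before a message reaches an inbox. The following is an added example, not part of the original post: it walks the MIME parts of an email and flags any attachment whose name ends in .exe, using one of the filenames listed above. The sample message, addresses and function name are constructed for illustration.

```python
from email import message_from_string, policy

# Constructed sample message (not a real capture). The first attachment
# uses one of the filenames listed above, in upper case.
SAMPLE = """\
From: someone@example.com
To: you@example.com
Subject: Happy Valentine's Day
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

A card for you.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Greeting card.EXE"
Content-Transfer-Encoding: base64

TVo=
--b1
Content-Type: image/jpeg
Content-Disposition: attachment; filename="photo.jpg"
Content-Transfer-Encoding: base64

/9g=
--b1--
"""


def exe_attachments(raw_message: str) -> list[str]:
    """Return the names of attachments whose filename ends with .exe."""
    msg = message_from_string(raw_message, policy=policy.default)
    flagged = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body text or a container part, not a named file
        # Windows treats extensions case-insensitively and ignores trailing
        # spaces and dots, so normalise the name before comparing.
        normalised = name.strip().rstrip(". ").lower()
        if normalised.endswith(".exe"):
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    print(exe_attachments(SAMPLE))
```

A name such as with_love.jpg.exe is also flagged, because only the final extension decides how Windows opens the file.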

MySpace Pages Can Carry Viruses

There have been some pages on MySpace that cause a window to pop up telling users to install a Microsoft Security Update. Instead of installing a security update, it installs some malicious code.

The last one to make the news involves requests coming from a user called "Rita". This is just an arbitrary name that someone has set up, and it won’t be the last.

So if websites like MySpace or Facebook ask you to install programs on your computer you should generally ignore or deny them.

ADSL Modems in Mexico are being attacked

Yesterday’s article explained how DNS poisoning works. And there’s already quite a bit of it happening. In Mexico there’s an ISP that offers their customers ADSL modems with the brand 2Wire.

There’s an exploit for this particular model that makes it easy for its DNS settings to be changed, effectively attacking users’ internet access. It’s as simple as opening an email with the malicious code.

If your modem is a 2Wire then change the password and filter your emails with a good anti-virus program.

MP3 players sold with malware

Some MP3 players sold in the Netherlands have been found to contain malware. The model is "Victory LT-200".

This isn’t the first time gadgets have come with viruses already installed (such as Maxtor’s external drive). There have been USB flash drives, camera memory cards, and even GPS navigators that have been sold with infected files pre-installed.

Often it happens when a computer at the factory is infected and somehow the files end up on the device during testing.

Any good anti-virus program would be able to detect the files and clean them for you.

iPhone Trojan

There’s an iPhone download available on the internet that is actually a trojan. After you install it, and when you try removing it, it seems to cause problems on the phone.

It’s called the iPhone firmware 1.1.3 prep tool, and people are being told it’s required before they can upgrade to version 1.1.3 of the iPhone. Do not install this application, just ignore it.

Update: it seems this utility was written by an 11 year old.

Fake Security Renewals

There’s a trojan that has a tricky way of extorting money from users. It begins with a computer being infected with this particular trojan.

Then it shows an image on your screen (that won’t go away) telling you that you need to renew your security software (whether or not you have security software doesn’t matter; this is a fake screen). It gives you two options to pay for an update, both of which are part of the scam: the money goes into the pockets of the people who have spread this trojan.

Method 1: it asks you to send an SMS to a premium service, which costs you £10 (or the equivalent in your currency).

Method 2: it asks you to call a phone number, which is also a premium service and costs you the equivalent of US$35 (different prices and currencies in different countries).

Have a look at the screen-shots on this web page to recognise the fake renewal request.

The message reads (complete with spelling errors):

Browser Security and Antiadware Software component license exprited! Surfing PORN, ADULT and some other kind of sites you like without this software is dangerows and threatens with infection of your computer by harmful viruses, adware, spyware, etc… You strongly need to update your software to avoid infection and losting information from your computer. Please complete procedure of software update

If you come across this, or any other similar scam, never ever pay them any money, and never call or SMS the supplied phone number (otherwise you’ll be out of pocket a small amount of money).