
SANS ISC InfoSec Handlers Diary Blog



Digital Hitchhikers

Published: 2007-12-25
Last Updated: 2007-12-25 23:24:44 UTC
by David Goldsmith (Version: 1)

We received a report this afternoon from someone who had recently received a digital picture frame.  Unfortunately, it had an extra component with it.  The built-in storage came with what appears to be some malware already loaded on it -- a file called 'cfhskjn.exe' was on it when unpacked.

Some of the behavior seen when the digital picture frame was connected to the computer was:

  • MSCONFIG would not run - it would briefly open and then terminate
  • The system would blue screen when starting in safe mode
  • Going to various anti-virus websites would result in the web browser terminating
  • Various popups for randomly named .exe files with 'not valid image' messages

This specific product was an "ADS Digital Photo Frame - 8"  (sold by Sam's Club - see http://www.samsclub.com/shopping/navigate.do?dest=5&item=368725), but this type of infection can affect, and has affected, other portable devices with internal storage.

Kaspersky has a blog entry 'Adventures at altitude'  (see http://www.viruslist.com/en/weblog?discuss=208187471&return=1) about one of their employees who bought a Kingston CF memory card that came with a virus on it.

Whether it's a picture frame, a digital camera or any USB, CF, SD, etc. memory card, the portable nature of these devices dredges up memories of all the floppy boot viruses we used to have to deal with.  [ What's a 'floppy disk' you ask?  ;-) ]

Care should be taken when attaching storage devices to your computer to ensure you scan them for possible malware and handle them in as secure a fashion as is possible. 
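As a supplement to an anti-virus scan, the sketch below (an added example, not part of the original diary) inventories a newly attached volume for Windows executables by file header rather than by extension, so that a file like the 'cfhskjn.exe' reported here, or one renamed to look like a photo, is listed with a SHA-256 hash for lookup or submission. The function names and the sample volume are constructed for illustration, and it assumes the device's storage is already mounted as a directory.

```python
import hashlib
import os
import struct
import tempfile

def is_pe(path):
    """True if the file has an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    try:
        with open(path, "rb") as f:
            head = f.read(64)
            if len(head) < 64 or head[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
            f.seek(e_lfanew)
            return f.read(4) == b"PE\0\0"
    except OSError:
        return False  # unreadable files are skipped, not treated as clean

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def scan_volume(root):
    """Return (relative path, size, sha256) for every PE file under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if is_pe(full):
                rel = os.path.relpath(full, root)
                findings.append((rel, os.path.getsize(full), sha256_of(full)))
    return sorted(findings)

def build_sample_volume(root):
    """Constructed sample: a JPEG stub, a PE stub, and a PE stub named .jpg."""
    pe = bytearray(0x84)
    pe[:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x80)  # e_lfanew -> offset 0x80
    pe[0x80:0x84] = b"PE\0\0"
    os.makedirs(os.path.join(root, "DCIM"))
    samples = {"DCIM/photo1.jpg": b"\xff\xd8\xff\xe0" + b"\0" * 100,
               "sample.exe": bytes(pe), "DCIM/photo2.jpg": bytes(pe)}
    for rel, data in samples.items():
        with open(os.path.join(root, *rel.split("/")), "wb") as f:
            f.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as vol:
        build_sample_volume(vol)
        for rel, size, digest in scan_volume(vol):
            print(f"{digest}  {size:>8}  {rel}")
```

On a device that should hold only pictures, any entry in this list deserves a closer look before the volume is used on a production machine.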


David Goldsmith (dgoldsmith -at- sans.org)
