Did any digital nasties show up under your tree this year?

Published: 2009-12-25
Last Updated: 2009-12-26 00:52:41 UTC
by Marcus Sachs (Version: 2)
2 comment(s)

As many of our readers may recall the past two years we had numerous reports of infected digital devices arriving as Christmas and holiday presents.  We believe that the global manufacturing process has improved based on consumer complaints, but there is always the possibility that something got through due to the complexity of the digital supply chain.  Let us know via our contact form if you, your family, or your friends received any malicious "value-added features" in electronic hardware either given or received as gifts.  We are especially interested in USB devices such as photo frames, GPS units, external hard drives, etc. since they seemed to be the items most vulnerable in the past.

Otherwise, have a safe and happy holiday season and best wishes to you and your families.


One person wrote us today to let us know that they had found an infected digital photo frame.  Here's what reader Vanessa said:

Installed install file on frame - was EXTREMELY quick at installing multiple files, links, and started to zip files and unzip processes ongoing. There were multiple suspicious processes with single letter names like c.exe or i.exe.   There were multiple links to porn sites put on the desktop as soon as the installation began.  This product was Smartparts digital picture frame optipix pro Item # SP800.

If any other readers have access to this particular photo frame please let us know if you have found any malware on it or if it is clean.

Marcus H. Sachs
Director, SANS Internet Storm Center

2 comment(s)


I understand the concern about the manufacturing process, but my guess is that many of these were infected in the retail store, not in the factory. How many were display models that were repackaged at the store, after being accessible to the public? How many had their packaging opened and resealed?

Its a pretty common way for the bad guys to get trojans and rootkits onto boxes - plug a usb into a display model and then run the software. Unfortunately, in many places (Best Buy, Future Shop etc), these display models are run wide open on the store floor. Someone then buys the display model thinking they are getting a deal and boom, a new zombie and bot node on the net.
I doubt there are many people out there traveling from Best Buy to Best Buy putting root kits on display models. That seems like a terribly inefficient means of distributing malware and building a botnet when they could just spend a few minutes on Face Book or My Space and add 10 times the number of bots.

Geeks are lazy, minimal effort, maximum outcome.

Diary Archives