[Mike Reilley]

For any of you that bought and used a digital photo frame, I got this today.

"A powerful virus recently discovered in digital photo frames has been identified as a Chinese Trojan Horse that gathers personal information.  So far the Trojan Horse has simply collected passwords for online games,but experts say the designers might have larger targets in mind, the Seattle Post-Intelligencer reported Monday. "It is a nasty worm that has a great deal of intelligence," said Brian Grayek, who heads product development at Computer Associates, a security vendor that analyzed the Trojan Horse. The virus, which has been named Mocmex, blocks ant-ivirus protection from more than 100 vendors, as well as the security and firewall built into Microsoft Windows. It spreads by hiding itself on photo frames and other portable storage devices that are plugged into an infected PC. The malware has "specific designs to capture something and not leave
traces," Grayek said. "This would be a nuclear bomb" of malware. He added that the Trojan has been traced to a specific group in China, but would not name the group."

I check with Norton and they provided an antiviral for this Mocmex virus YESTERDAY.  So, the fix is new.  Folks should update their antiviral files (run LiveUpdate if using Norton)...and then run a full SYSTEM scan.

 

[acmartina]

The original article is here:

http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/02/15/BU47V0VOH.DTL

Quite interesting. I bought a couple of Kodak frames from Best Buy for my parents and in-laws. I did not see those mentioned in the article, but I think I will look into it!

Steve H.

 

[Skip]

There is some question of the validity of this story. The ONLY reference is the SF paper story. All of the internet references circle back to the that story, and while CA catalogues the virus, it doesn't rate it as risky as the story suggests, nor do they comment on the sources. Will be interesting, as I have a photo frame on its way to me as an Ebay purchase... LOL!

 

[Mike Reilley]

The significant part is the "The virus, which has been named Mocmex, blocks anti-virus protection from more than 100 vendors, as well as the security and firewall built into Microsoft Windows". I can't see how a worm with that property would NOT be considered "risky"....then again, it's not my line of business to rate this stuff.

I checked my computer by running a full SYSTEM scan after I downloaded the anti-viral updates, and it found nothing.

 

[Greg Elmassian]

Norton would not go to the effort to provide a defense against a virus if it did not exist.

Google "Mocmex" and see that legitimate anti-virus companies are among the hits. You don't even need to read the sites to tell this is valid.

Regards, Greg

 

[Skip]

I'm not questioning the validity of the virus, I'm questioning the validity of its presumed risk (as are others) CA doesn't rate it a particularly high risk virus, which if would be if the SF story was more true than not. What I'm questioning is the validity of photo frame story and the apparent virulence of the virus the story suggests. So, far, thre hasn't been a confirmation of the SF story (to my knowledge), including one from CA.

 

[Mike Reilley]

Posted By Skip on 02/27/2008 4:54 PM
I'm not questioning the validity of the virus, I'm questioning the validity of its presumed risk (as are others) CA doesn't rate it a particularly high risk virus, which if would be if the SF story was more true than not. What I'm questioning is the validity of photo frame story and the apparent virulence of the virus the story suggests. So, far, thre hasn't been a confirmation of the SF story (to my knowledge), including one from CA.


OK...here is the confirmation.  http://ca.com/us/securityadvisor/virusinfo/virus.aspx?id=68701 .... and http://www.engadget.com/tag/mocmex/  and http://www.massively.com/tag/mocmex/ .... etc.  As Greg says, just Google mocmex...there's a ton of stuff out there on it...including ONE you-gotta-pay-for review that calls it "hype".  If you're into believing that viruses are probably bunk...you've gotta a lot of reading you can do.  Me...I'd just prefer to get the 'shot'..and get on with life.

As I read all the reviews, this virus is not in itself dangerous....meaning, it doesn't screw up your computer by denying you the ability to do things...nor do you loose things on your disk.  Ergo, it's rating from CA (and I am not defending the rating system) is nothing that would get my juices flowin'.  How-some-ever...if it steals your passwords...well, that's the rating system again which I'm not defending.

IMHO, the immediate DANGER is that this virus disables the anti-viral programs in the computer....which makes the computer available to get the kind of viruses that DO destroy files.  It also self replicates to any other removeable device that can be plugged into the computer....beyond JUST the photo frame.  If you get this virus, then it will replicate to all your thumb drives, removeable disks, camera memory, etc. when you plug them in.  

Given that thumb drives are used to move data from computer to computer...it's pretty clever to start these off in JUST photo frames.  

There's a whole potpouri of 'oh craps' that this particular virus can lead to....but....that's apparently NOT the way CA rates the danger.  

You do NOT want to ignore this one...  

 

[CJGRR]

hmmm my mom just baught a "coby" brand digital pictuire frame, should I be worried?? so this virus is IN the picture frame itself? I use a memory card for this one, so it would transfred to the card, then my computer???

 

[Mike Reilley]

If ya put an SD card into the frame....it got the virus. If ya put the SD card back in your computer....it got the virus....UNLESS you've got the antidote for THAT virus in your computer's antivirals.

If the frame has the virus...and your computer has the antiviral....you can plug the SD card AND the frame into your computer, and have it cleaned by the computer. BUT...you need to tell the anti-viral program to do that. It's NOT automatic.

 

[Gary Woolard]

Cant'ya just plug the SD card back into the CAMERA you took those pictures with in the first place, and FORMAT the card again?  I doubt a digital camera could be 'smart' enough to get infected!

 

[Mike Reilley]

Probably true Gary. This virus is designed to attack Windows...not the custom code in a camera....BUT....it transports itself by hiding in things that look like removeable disk drives.  One of my cameras looks like a remote disk drive to the computer.  So, there is a chance it could lodge itself in there...in the camera....ready to infect any computer the camera hooks too.