Defense in Depth

January 7, 2008 1:43 PM PST

Digital gifts that keep on giving

by Robert Vamosi

Care should be taken when plugging holiday gift gadgets into your personal computer and laptop, said security researchers at Sans.org, Microsoft, and Kaspersky in recent blog posts. Reports of strange files being found on USB storage devices increased over the holiday season. Reporting Monday on the SANS' Internet Storm Center blog, director Marcus Sachs said, "In years past this would have been limited to iPods and USB memory sticks, but now it includes digital photo frames, GPS devices, external hard drives, and of course digital cameras."

The unofficial Sans.org investigation started on Christmas after researcher David Goldsmith received an ADS Digital Photo Frame - 8". He soon discovered that the built-in 128MB of storage included a file named cfhskjn.exe. When he tried running the mystery file, he received several error messages.

Others have noticed odd behavior with storage devices as well. Kaspersky antivirus reports purchasing a Kensington memory card in Nepal which contained Worm.VBS.Small.n, a computer worm. A second Kaspersky blog mentions Victory LT-200, an MP3 player that includes (at no extra charge) the malware Worm.Win32.Fujack.aa.

Coincidentally, the January 2008 issue of Microsoft TechNet magazine includes a report on "island hopping", the act of using USB storage devices to infect personal computers. The author of the article, Jesper M. Johansson, said many USB controllers are Direct Memory Access (DMA) devices that bypass the operating system and directly read and write memory on the computer. "Bypass the OS and you bypass the security controls it provides--now you have complete and unfettered access to the hardware. This renders device control implemented by the OS completely ineffective. I am unaware of any hacking tools that currently use this technique, but I very much doubt that this has not already been done."

Kaspersky said most removable media exploits in the wild use the Windows autorun functionality, but added that the autorun vector is not perfect. In Windows XP SP2 the autorun.inf feature is disabled and the user is asked whether or not to run the file. A similar process occurs within Windows Vista. In both cases, however, researchers note that users can still infect themselves by selecting Run setup.exe.
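A defender-side check for the autorun vector described above, as an added example that is not part of the original article: it reads a device's root folder without executing anything and reports what autorun.inf would launch and which executables sit beside it. The function names, the extension list, and the sample files are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# autorun.inf keys that name a program to launch (shell\<verb>\command is matched below)
LAUNCH_KEYS = ("open", "shellexecute")
EXEC_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}  # assumed list

SAMPLE = r"""; constructed sample, not taken from any real device
junk line of the kind used to confuse strict INI parsers
[AutoRun]
open=setup.exe
shell\open\command=setup.exe /s
icon=setup.exe,0
"""

def parse_autorun(text):
    """Return (key, command) pairs from the [autorun] section, skipping junk lines."""
    commands, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            commands.append((key, value))
    return commands

def scan_volume(root):
    """List autorun launch commands and executables in the root of a mounted device."""
    findings = {"autorun": [], "executables": []}
    for entry in sorted(p for p in Path(root).iterdir() if p.is_file()):
        if entry.name.lower() == "autorun.inf":
            # latin-1 never fails to decode, so a malformed file cannot abort the scan
            findings["autorun"] = parse_autorun(entry.read_text(encoding="latin-1"))
        elif entry.suffix.lower() in EXEC_EXTS:
            findings["executables"].append(entry.name)
    return findings

def demo():
    # Constructed stand-in for a gadget's storage: a temporary directory with three files.
    with tempfile.TemporaryDirectory() as d:
        Path(d, "AUTORUN.INF").write_text(SAMPLE)
        Path(d, "setup.exe").write_bytes(b"MZ")
        Path(d, "photo001.jpg").write_bytes(b"\xff\xd8")
        return scan_volume(d)
```

Any non-empty result on a device that should hold only photos or music is a reason to leave the files unopened and scan the device with antivirus software first.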


About Defense in Depth

Covering computer viruses and computer crime, Robert Vamosi goes beyond the hype to provide you with expert interviews of the top security researchers, as well as offering the hands-on, nontechnical advice you'll need to stay safe online.
