[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ale] Checking photo frames for Windows malware
- Subject: [ale] Checking photo frames for Windows malware
- From: ale at sixit.com (Robert Reese~)
- Date: Tue, 30 Dec 2008 14:04:00 -0500
- In-reply-to: <[email protected]>
> The SFGate article reports that "Deborah Hale at SANS suggested
> that PC users find friends with Macintosh or Linux machines and
> have them check for malware before plugging any device into a PC."
> My questions is - how could this be done? Could I boot with a Live
> CD and then plugin and scan a USB picture frame for malware?
No need to go through so much trouble. On a non-Windows computer, just open the
USB picture frame as a drive and look at the files. There should be no
executable files there unless you find reference to those files in the
documentation or the packaging. If you do find them there, delete them or
rename the extension to ".suspect" or something similar. Personally I'll zip
and delete the source.
On a Windows computer, the best way to avoid that type of infection is to make
sure that Explorer shows hidden and system files and shows extensions. Why MS
hid extensions is mystifying to me. Also, turn OFF autorun capabilities.
Google has plenty of returns on how to do this specific to the version of
Windows. Further, NT-based systems should be using limited accounts rather than
Admin accounts. And lastly, good anti-malware software is critical for all but
the most tech-savvy Windows users.
By the way, this is more common than you'd imagine; I have first-hand experience
two years ago. Fisher-Price, the large toy maker, sold a child's MP3 player (an
"FP3" player) that used proprietary formatting and Windows software to convert
and play the software. Very DRM-heavy. So I wasn't completely shocked when I
found the player had an executable in its memory.
I don't like DRM so I pulled it down and examined the file. It turned out to be
a trojan/worm (Win32/Perlovga.A to be exact). This was a factory-sealed
product when I got it; I'll bet you never heard a word from Fisher-Price warning
its customers about this. Of course, they quietly and abruptly halted
production of this last year... right around the time the lead paint problem was
But it really isn't necessary to go through the hassle of scanning the thing for
malware using specialized disks or software.