Wednesday, December 24, 2008

Give Someone W32.Sality.AE for Christmas

If you're looking for that last minute gift idea for a friend or co-worker who isn't on your "nice" list, how about a nice virus that infects executable files and then attempts to download malicious software from the Internet?

I know what you're thinking - I would never give a present like that. If you're handing out digital picture frames, don't be too sure.

As seems to happen every year, some digital picture frames are coming pre-loaded with assorted malware. In this case, it's the Samsung Frame Manager 1.08 software for Windows XP that comes bundled with a number of various Samsung frames.

Amazon.com took the unusual step of distributing the following communication to customers who purchased the SPF-85H 8-Inch Digital Photo Frame:

"The alert involves the SPF-85H 8-Inch Digital Photo Frames w/1GB Internal Memory, designed to work with Windows-based PCs via a USB connector," the warning states. "They were sold between October and December 2008 for about $150. ... If you are using Vista or a different version of Frame Manager, this issue does not affect you."

Samsung has an updated version of the Frame Manager software available for users, and they recommended using your favorite antivirus program to quarentine the virus. 
Thanks, Samsung! I have a better idea - how about if you stop shipping me infected stuff?

This issue first popped up more than a year ago, and it leverages a known weak point in the exploit matrix - users will plug anything into their computers without giving a second thought to where it comes from or what it might do. 

In the early days of personal computing, floppy disks were the primary delivery mechanism for viruses, because computers weren't networked like they are today, so transport via disk was the preferred distribution method. Users got (somewhat) comfortable with doing a quick virus scan of the media before running it. If they didn't, it wasn't long before a corrupted Master Boot Record or trashed registry reminded them. Hard lessons tend to be remembered longer.

As we moved out of physical media into a networked world, more malware was delivered digitally, either embedded within other software (you didn't think that downloaded copy of Microsoft Office was completely free, did you?) or as a self-executing file attached to an email that ran when the message popped up in your email program's preview pane.

This caused us to develop media malware amnesia, and we turned sloppy when we opened a new CD or DVD and inserted it into our machine. After all, we sort of trusted the company who sold us the media, and in any event, our antivirus/antispyware/OS defender program would save us. Right?
But as always, it's up to the user to provide the last line of protection against the various forces of evil that are out there. As my friend Kevin, an incident handler at the SANS Internet Storm Center says, "The user's ability to do stupid things continues to trump my ability to keep them safe."

So if you're looking for a good gift for your friends and family this year, how about a list of computer security tips to remind them of how easy it is to do their part?

For that, you can reference Mark Hofman's ISC diary entry on The 12 (or so) Hints of Christmas.




No comments:

Post a Comment

Please tell me what you think.