Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - Another Infected Digital Photo Frame InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Another Infected Digital Photo Frame

Published: 2008-08-16
Last Updated: 2008-08-16 22:43:46 UTC
by Marcus Sachs (Version: 1)
0 comment(s)

Reader Greg sent us a note today about a new issue with digital photo frames.  Here is what he said:

Bought a couple of Vuescape 1.4" Digital Picture Frames from Inkstop, to give to family members for Christmas.  Just tried to install the software on my PC, and found that the setup.exe file was infected with AdClicker-DF.  It seems impossible to find an installer for the device online that does not have this infection.  I found another version of the program needed to work with the photo frame - PhotoViewer.exe - but it does not seem to recognize this device.

The mini-CD that came with the frames (item# 61000090) is labelled Driver and Utilities version 2.3B.  The Photoviewer software is, according to the properties sheet, published by Hojy Tech Corp.

This is a bit different from the digital photo frame infections we reported earlier this year.  In that previous case, the frames themselves contained malware.  In this new case the setup.exe file on the CD is infected with adware.

If you have seen this same phenomena in consumer products you've purchased recently (setup.exe containing malware) please let us know what the item was, what the malware was, and where you bought it.  By the way, many products come with extra programs that are often detected as spyware or adware.  We don't need to know about that, just cases of the setup or installer program itself being infected.

Marcus H. Sachs
Director, SANS Internet Storm Center

Keywords: photo frames
0 comment(s)
Diary Archives