NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0412 Digital Picture Frame Threat:
Recent information has uncovered a very real threat with digital picture frames and their
ability to store and infect computer systems with viruses and other malicious code, the
most recent of which is called "MOCMEX." This virus is a Trojan horse that collects and
transmits passwords, and has the capability of doing much, much more.
The MOCMEX virus has ben found to be preloaded on select digital picture frames purchased
from a variety of vendors, mostly during the holiday shopping season of 2007. The infected
digital picture frames have the ability to auto-infect other computers and media. This
includes media cards as well as other systems that the device is connected to.
This malicious code has been traced to a specific unnamed group in China who are known to
be well-funded professionals whose malware is designed to capture information without
leaving any trace of its presence. It is thought by some that this malware may simply be a
test before releasing a larger attack against PC based systems.
The MOCMEX virus is only known to affect Windows based PC's. Initial reports of this
Trojan horse came from people who purchased their digital picture frames at the following
retailers: Sam's Club, Best Buy, Target, and Costco. This particular piece of malicious
code was not the only virus found on these devices, four other older viruses were also
found and they could serve as markers for botnets - networks of computers that are remotely
controlled by hackers.
Right now it is unsure which devices were infected or how many digital picture frames were
sold with this malicious software on them. There is no guaranteed method of protecting any
computer system against this threat. If you think you bought an infected device, please
email SANS at info@sans.org or call your local retailer.
(Open Source Center 27FEB08)