Best Buy sold infected digital picture frames

Source: ComputerWorld

January 23, 2008 (Computerworld) -- Best Buy Co. has confirmed that, during the holidays, it sold digital picture frames that harbored malicious code able to spread to any connected Windows PC. It is not recalling the frames, however.

What Best Buy called "a limited number" of the 10.4-in. digital frames sold under its in-house Insignia brand were "contaminated with a computer virus during the manufacturing process," according to a notice posted on the Insignia site last weekend. The frame -- which carried the part number NS-DPF10A -- has been discontinued, and all remaining inventory pulled, Best Buy added.

But that didn't happen until after some of infected frames were sold to customers.

Best Buy did not specify the number of virus-loaded frames that had ended up in customers' hands, but it said in a second notice posted today that it is continuing to investigate and is "connecting with our customers who may have been impacted."

The malware packed with the frame is an older virus that Best Buy claimed would be easily detected by any up-to-date antivirus software. It did not, however, specify the malware or narrow the scope of the danger by confirming that it was, say, a nonreplicating Trojan rather than a self-propagating worm.

Only Windows PCs are vulnerable, said Best Buy's notices, and then only if the picture frame is connected to the computer via the included USB cable. Frames -- like digital cameras -- are designed to connect to PCs so that images can be downloaded from the machine to the frame.


Read more: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9058638&intsrc=hm_list

sinking sampans. :)

(no offense to our brothers and sisters over there)

don't buy crap from companies that: 1) Fail to adequately test products they buy from suppliers, especially if they are going to put their own store brand on them; 2) Don't reimburse people for the damaged caused by the product; and 3) Completely abrogate responsibility, without even a fucking apology.

I stopped buying from Worst Buy years ago, so this wouldn't have happened to me. But everybody else needs to wise up. Driving shitty sellers out of business is part of how we keep the other ones honest.

Organization... not so much.
:grouphug:

Lots of infections are passed around on all those music players, cameras, phones, and now picture frames which use common interfaces, USB in this case. This is very much like the old problem with diskettes carrying infections.

There are all types of new generations that can affect you, not matter the operating system. For example, we are now finding pre-infected hardware that is contaminated somewhere in manufacturing and distribution and almost impossible to detect. Consider that new disk drive you just bought; it has a processor and memory to allow it to present a "standard" interface to the computer and to implement hardware-specific controls, and things like bad block replacement. When you power up your computer, the device is notified and can prepare to read the boot block; malware in the disk controller is able to detect this, load its own "boot loader" carrying a payload to infect you system while appearing to boot your operating system normally. If might to something like run you operating system within a virtual machine controlled by the malware. While Windows is the most-common target opsys, Linux can be had the same way.

Many of the recent attacks are much simpler, using SWF and PDF to take over you system. Disable these, use things like noscript and flashblock and watch for anything funny. That PDF you downloaded from a state government site might have just infected you.

How much do you know about that little 4-port router you just bought?

I recently caught on to the routers but never suspected my camera, or PDFs.

Thanks for the info.

:evilgrin:

How many people will believe that?

I would skip those cables and things altogether, and stick with the tried and true - internet tubes.

I asked for, but don't have one of these yet. I did call my son (left a message) to see where his is from.

That might cost them precious money. Heaven forbid they exercise quality control over their house brand. I sense a class-action suit in the offing, and rightly so.

(that I bought her a few months ago for graduation) was messed up, and she didn't know what to do. She said it's been messed up since she got back to her house after Christmas vacation. Her boyfriend had gotten her one of these digital frames for Christmas, but it's too late in the middle of the night for me to call her right now and tell her what's wrong with her computer. Best Buy needs to fix everyone's computers for free. More problems from imported SHIT.

she'll be fine

MS screwed this up so that if you have IE 7 installed, some of the recovery hings don't work.