Sunday, January 27, 2008

Virus Found in Some Best Buy Digital Frames

Barry Levine
News Factor Network
Website: http://www.newsfactor.com

You can add to the growing list of things you need to do to keep your computer safe -- scan the digital picture frame.

Best Buy has confirmed that some units of its Insignia 10.4-inch Digital Picture Frame, purchased over the holidays, had a computer virus. Last weekend, the retailer noted an advisory from its private label, Insignia, which stated that "a limited number" of the frames, model number NS-DPF-10A, were "contaminated with a computer virus during the manufacturing process."

According to news reports, Best Buy is not recalling the frames, but it has pulled the remaining units. It said this was the only Insignia frame product affected, and the product has been discontinued.

Precautionary Measure

The company said that once it was informed of the contamination, it "immediately" withdrew the product from stores and Web sites "as a precautionary measure to protect our customers." Best Buy did note that "some affected units" were purchased from either its brick-and-mortar stores or from the retailer's Web site before the virus was detected.
Best Buy reportedly learned of the infection after customer complaints, but there is no indication of how the virus was acquired during manufacturing, or what the consequences may have been for customers.

The company pointed out that the virus can only get to a computer if the digital frame is connected. The frames connect to PCs as well as cameras so photos can be downloaded for display. But Best Buy said cameras, USB drives and memory cards cannot be infected by the virus.

Use Up-to-Date Protection

Even if a consumer does attach a contaminated frame to a computer via a USB cable, Best Buy said, any up-to-date antivirus software, such as Norton, McAfee or Trend Micro, should be able to detect and remove the infection. It added that the units contained "an older virus which is easily identified and removed by current antivirus software."

The specific virus was not identified by either Best Buy or the manufacturer, although there are reports on the Web that it was a Trojan that could induce a crash on Windows machines.
Macintosh-owning picture lovers can rejoice, at least temporarily, because the virus only affects Windows operating systems. Similarly, Linux-based systems are also immune to this particular infection.

Virus-infected products may be the next frontier for consumer caution.

Last year, Seagate admitted that some of its 500-GB Maxtor hard drives had a Trojan house that could swipe online passwords for games, and some Apple iPods were infected with a virus in 2006. Other consumer products that have reportedly had viruses include GPS devices, digital cameras, memory cards, MP3 players and other brands of digital picture frames.

Worm fears shut down Skype video feature

Robert McMillan
InfoWorld
Website: http://www.infoworld.com

San Francisco - Skype has been forced to turn off a video-sharing feature in its software because it could be misused to launch a self-copying worm attack against Skype users, security researchers said Tuesday.

A bug in the software, which was first reported last Thursday by security researcher Aviv Raff, stems from the way Skype uses an Internet Explorer component to render HTML.
Skype's video-sharing feature allows users to share videos hosted on two sites -- Dailymotion.com and Metacafe.com -- while chatting with other Skype users.

Last week Raff showed how attackers could exploit the bug to run unauthorized software on a Skype user's PC. But on Tuesday, the security researcher said the flaw was more serious than he'd first thought. It can "be triggered by simply visiting a Web site, or clicking on a link from your instant messaging application," he wrote in a blog posting, "Which basically means that this vulnerability is now wormable."

Skype appeared to have pulled the video feature from its client software on Tuesday as a result of the bug. Users who attempted to click on the "videos" button within a chat window were greeted with a message that the feature was unavailable "because of some security concerns."
"Our brightest engineers are rattling their wrenches to make things all right and bring the beloved videos back. Soon," the message read. "Sorry about this."

Skpe representatives did not return calls seeking comment. Last week, Skype spokesman Villu Arak confirmed that there was a security problem for Skype 3.5 and 3.6 users who visited the Dailymotion.com Web site, but users were still able to share videos using Metacafe.com.
On Tuesday, however, Skype pulled the video feature altogether after being informed of the new problem, Raff said.

Because Metacafe had a cross-site scripting flaw, a common type of programming error, Raff was able to run JavaScript on Metacafe.com, which could then be used to run unauthorized software on the victim's computer. Attackers could then forward a link to the malicious Web page to all of the Skype contacts in the victim's computer, spreading the infection.

For Raff's attack to work, an attacker would have to post a maliciously encoded video file to either of the Metacafe or Dailymotion Web sites. Metacafe said Tuesday that it's "highly unlikely" that this kind of malicious video would make it through the site's content-filtering process.

In a statement, the company said it expects Metacafe videos to be available to Skype users as early as Wednesday morning.

Raff said that because the attack could lead to a widespread worm outbreak, it would be better for Skype to fix the underlying problem before bringing Metacafe back online.

Raff believes that Dailymotion was probably susceptible to this type of attack as well, although he was unable to confirm this after Skype cut off access to the Web site.

The problem lies in the fact that Skype uses a Windows Internet Explorer component with inappropriate security settings, researchers say. Instead of processing pages it renders with the more secure "Internet Zone" security setting, Skype uses IE's "Local Zone" security setting, usually reserved for more trustworthy content.

Until Skype engineers make some changes to their software, more of these problems will continue to pop up, Raff said.

Another security researcher who has been studying the flaw agreed.
"If they keep their Skype client running in the Local Zone of IE, we will see more of these," said Petko Petkov of GNU Citizen via instant message. "Before killing Metacafe, anyone who owns the server would have been able to own every Skype user on the planet."

Apple growth will draw malware attacks

Matt Hines
InfoWorld
Website: http://www.infoworld.com


San Francisco - As Apple continues to grow its worldwide market share and the company's products find their way into more business environments, attackers are certain to follow and create greater volumes of exploits aimed at vulnerabilities in the company's software, security experts contend.

According to industry analyst firm Gartner, Apple shipped just over 1 million Mac OS X-based computers during the fourth quarter of 2007, a gain of 227,000 over the fourth quarter of 2006. The analyst firm reported that Apple's U.S. market share for 2007 jumped by 28 percent compared to 2006, rising to just over 6 percent.
And with Apple CEO Steve Jobs stating at last week's Macworld Expo and Conference that the company has already sold 4 million iPhones and 5 million copies of Leopard (Mac OS X 10.5), its latest OS, since launching the products last year, the company's prospects look stronger than ever.

However, malware researchers and industry analysts warn that as the sheer number of Apple end-point devices in use worldwide rise, so will the security concerns tied to the company's products.

"It's hard to get around market share. At the end of the day, malware writers don't care what operating system you are using; it's about whether or not you have valuable information on your machine and whether there is an opportunity to take advantage of it," said David Marcus, security research manager for McAfee's Avert Labs group.
"Microsoft Windows has been targeted so aggressively because it has a much broader deployment than the Mac OS," he said. "But the malware authors watch trends just like everyone else, and they know more people are considering a move to Apple, including government institutions and businesses; if it makes financial sense to go after that opportunity at some point, they will move in that direction."

The Mac's vulnerabilitiesIn some cases, attackers will seek to exploit vulnerabilities such as currently unpatched flaws in Apple's QuickTime multimedia player application. In other cases, malware writers will use threats based more on social engineering, such as with the MacSweeper rogue cleanup tool that appeared during Macworld Expo, the researcher said.
MacSweeper serves as evidence that developers -- both credible and not -- have already begin to turn more of their attention to Apple platforms, anticipating Mac users' security fears, Marcus said. Although MacSweeper is pitched by its creators as a utility for cleaning malware programs and other unwanted software off of Mac OS computers, it has proven to do almost nothing of the sort, despite its $40 asking price.

David Maynor, chief technology officer of research and consulting firm Errata Security, said that one area where attackers may seek to assail the Mac OS is via flaws found in some of the older open source libraries of software code used in the platform.
Apple also typically lags in patching issues found in those code libraries, such as with the Samba networking protocol used in the company's Mac OS X.
Even when the Samba open source community has created a fix for a known security issue, it often takes Apple three to four months to introduce a related patch for its products, giving any attackers looking to subvert Mac systems a lengthy window of opportunity to do so, Maynor maintained.

"If someone has a list of these open source security issues in the projects included in Mac OS, they could use that against OS X users," said Maynor. "Samba is a perfect example, as there is generally a large window there."

A rise in underground malware activityMaynor said that he observed an increase in Apple-related activity in the underground malware research community last year around several previous QuickTime vulnerabilities.
"It's not that the number of Mac vulnerabilities is rising. If you look at their own security archives, you'll see that there were always a lot that were reported, but no one cared in the past," Maynor said. "One of the problems is that a lot of users buy into the misconception that Mac OS is more secure because of Apple's development process, but that's not really the case. Some people also feel that they are protected by Apple's smaller market share, but with more of these computers out there, more attention is being paid to it."

According to officials with Lumension, a software vendor that specializes in vulnerability scanning and patching, Mac OS has actually had far more security flaws reported in the last year than Microsoft Windows. Don Leatham, director of solutions and strategy at Lumension, formerly known as PatchLink, said that Mac OS X had nearly five times as many vulnerabilities reported than Windows during 2007. He noted, however, that many of those issues were considered minor, and that the Microsoft Windows security problems were notably more critical.
But Leatham agreed that publicly reported holes in Mac OS products tend to stay unaddressed longer than their Windows counterparts. "It's not always about the sheer number of exploits anyways; it's more about the speed at which real exploits are being created. That's what people will need to be worried about going forward," Leatham said. "If you get to the point where you have professional malware development kits being sold on the underground, as we have today for Windows, that's when there could be real problems for Mac. But we haven't seen any of those just yet."

Leatham added that, as with other mobile devices, Apple's iPhone has yet to see any truly dangerous malware attacks. However, when Apple releases its mobile applications development toolkit for the handhelds in February, he said it will be interesting to see if anyone tries to take advantage of the package to aim new threats at the phones.
"It would obviously still be a bigger deal if someone created a successful attack that targeted the Research in Motion BlackBerry platform, because those are the devices of choice in most businesses, but with 4 million devices sold by Apple, some of these handhelds are already finding their way into the enterprise," said Leatham. "iPhone has been considered very safe thus far because of Apple's rigorous applications white-listing approach, but we'll be curious to see the security features open to developers in the new toolkit and whether it will attract the interest of any malware writers."

Short-term safety, longer-term concernFor now, Apple users likely have little to worry about, the industry watchers agreed. Even with Apple's dramatic market share gains, the majority of its computers are being purchased by consumers, and malware professionals are more concerned with trying to exploit Windows vulnerabilities to steal valuable data from business users, experts contend.
"We're nowhere near a tipping point where, from an economic standpoint, it will be a better strategy for attackers to target Macs vs. PCs," said Andrew Jaquith, an analyst with the Yankee Group. "People who write malware for a living are professionals, they want to get the best return on investment from their work, and there are still much higher returns to be found in the Windows space.
"We will probably see some opportunistic things being developed on the Mac side as the market share numbers increase, but it's still nowhere near the epidemic we've experienced with Windows," Jaquith said. "Mac is still a safer platform, although not necessarily a more secure one."

Reached for comment, an Apple spokesman said that the company takes security "very seriously" and defended that the company has "a great track record of addressing potential vulnerabilities before they can affect users." However, the spokesman reiterated that the firm always welcomes feedback on how to improve security on the Mac.