Digital picture frames showed up everywhere this past holiday season - and unfortunately, some of them, it turns out, also include a Trojan Horse payload as a 'free' bonus.
Whether you call it Mocmex or W32.Autorun.worm.e, it's bad news. It performs the following actions:
If that last behavior reminds you of a previous storage-based malware outbreak, you're right. We brought you reports of Maxtor external hard disks infected with malware from China back in November, and antivirus researchers, according to the Chronicle, have traced this latest infection back to a China-based group as well.
Mocmex can be detected by updated CA and McAfee antivirus programs (and possibly others), but because it uses Autorun.inf to spread (and can reenable Autorun, even if you have disabled this feature), waiting until you have connected the picture frame to a Windows-based PC may be too late - your system's already infected! So, how can you detect Mocmex or other nasties stored in a removable storage device? Deborah Hale at the SANS Institute (www.sans.org), a leading information security training and research firm, suggests scanning media from a computer running Linux or MacOS.
Here's a better idea, especially for us Windows diehards: create a BartPE CD (as suggested by our own Logan Decker), include your preferred antivirus tool (you'll find a list of antivirus plugins here), and use it to boot your PC and scan digital picture frames or other removable-media drives for viruses and malware.
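Because the infection rides on Autorun.inf, a quick check from the Linux or MacOS machine mentioned above is to list what that file would ask Windows to launch. The Python sketch below is an added example, not part of the original article and not a Mocmex detector or a substitute for an antivirus scan; the function names and the sample file contents are constructed for illustration, and it assumes the frame's storage is mounted (ideally read-only) at a path you pass in.

```python
import os
import tempfile

# Keys in the [autorun] section that name a program Windows would launch.
LAUNCH_KEYS = ("open", "shellexecute")

def find_autorun(root):
    """Return the path of autorun.inf in the volume root (any letter case), or None."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            return os.path.join(root, name)
    return None

def launch_entries(root):
    """List (key, command) pairs from [autorun] that would start a program."""
    path = find_autorun(root)
    if path is None:
        return []
    entries, section = [], ""
    # Parse line by line: these files are often malformed, and latin-1 never fails to decode.
    with open(path, "r", encoding="latin-1") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith(";"):
                continue  # blank line or comment
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1].strip().lower()
                continue
            if section != "autorun" or "=" not in line:
                continue
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            # shell\<verb>\command entries add right-click menu actions that run a program.
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                entries.append((key, value))
    return entries

def demo():
    """Build a constructed sample volume in a temp directory and inspect it."""
    sample = ("[AutoRun]\r\n; constructed sample, not taken from a real device\r\n"
              "open=setup.exe /s\r\nicon=frame.ico\r\nshell\\open\\command=setup.exe\r\n")
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AUTORUN.INF"), "w", newline="") as fh:
            fh.write(sample)
        return launch_entries(root)

if __name__ == "__main__":
    for key, command in demo():
        print(f"{key} -> {command}")
```

Any program a picture frame's Autorun.inf points at deserves a scan before the device goes near a Windows PC; call `launch_entries()` with the real mount point to inspect an actual device.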