Did you give the gift of a hacked account this Christmas?
Do you even know? Many digital photo frames sold at Best Buy, Target, Costco and Sam's Club have a particularly insidious trojan embedded in them - one designed to thieve your account information for a variety of online games.
One of the primo geek gifts of 2007, variations of these devices were bundled with darn near everything gadgety during the holidays. Some percentage of these contain a professionally written and very stealthy little gremlin that Computer Associates has dubbed Mocmex that is apparently capable of robustly concealing itself from many detection engines. This isn't an amateur-night special, by all reports. This is professional nastiness, with multiple variants.
We'd love to give you more information on the specifics of what this does, but parts of the Computer Associates site have been hammered into near oblivion in the last 24 hours as word is starting to get around. Thanks to Engadget and others, we do know that at present it only affects Windows systems (so you Mac and Linux users are safe), that it comes in a fairly large number of variants, can probably auto-update, and can install other malicious software on your system to do ... well, more or less anything the authors desire. Data is presently sent back through an anonymizing service in China.
Our colleague at WoW Insider, Amanda Dean had her account hacked on Valentine's Day. Amanda's always practiced safe, secure and hygenic computing and taken care with her account details. There's a lot of money to be had in maliciously obtaining the account credentials of others in major MMOs and Virtual Worlds.
Target got reports about frames distributed by Uniek, while Best Buy confirmed that there was problems with infected product from Insignia. It may be that the faults are not tied to any single manufacturer or brand and that the units are being infected at a distributor, shipper, warehouse or stevedore.
This also isn't the first. You may recall that late last year there were Maxtor/Seagate drives that shipped from the factory with account-stealing trojans installed.
If you think you have bought an infected device, contact the SANS Institute at info@sans.org and call the store who sold it to you. If you received one, find out where it was obtained and get calling and emailing.
Best Buy: (877) 467-4289
Costco: (800) 955-2292
Sam's Club: (888) 746-7726
Target: (800) 591-3869
