Amazon warns customers of infected digital photo frames
Samsung's November alert prompts online retailer to warn Windows XP users of malware on driver CD
Computerworld - Amazon.com Inc. last week warned customers running Windows XP that a Samsung digital photo frame it sold until earlier this month might have come with malware on the driver installation CD.
An Amazon.com customer posted the warning a week ago to the online retailer's user forum. In its note to customers, Amazon.com said that a Samsung advisory had been issued for the SPF-85H, an 8-in. digital photo frame that Amazon sold for approximately $150 starting in October.
The Samsung SPF-85H is no longer available on Amazon.com.
"We have recently learned that Samsung has issued an alert. ... Our records indicate that you have purchased one of the digital photo frames through the Amazon.com website and are therefore affected by this alert," said Amazon in the note.
Samsung released its advisory (download PDF) on Nov. 27 and listed five photo frame models as being affected: SPF-75H, SPF-76H, SPF-85H, SPF-85P and SPF-105P.
According to Samsung's alert, "a batch of Photo Frame Driver CDs contain a worm virus in the Frame Manager software. This is a risk of the customers host PCs being infected with this worm virus."
Samsung did not specify how the malware got on the CD, or how it escaped the company's quality control checks.
Amazon's advisory identified the malware as W32.Sality.AE, the name assigned by Symantec Corp. Security vendors McAfee Inc. and Trend Micro Inc. have pegged the malware with the names W32/Sality and Troj_Agent.xoo, respectively. Symantec's write-up said W32.Sality.AE was a "downloader" -- a malicious program that, once installed, downloads even more malevolent attack code.
Most security companies said that the malware -- variously labeled as a virus or a Trojan -- was first spotted in the wild last August, although some reported earlier variations as far back as mid-2007.
Amazon recommended that people who purchased a Samsung photo frame should download an updated -- and theoretically malware-free -- version of the Windows XP edition of Frame Manager from Samsung's support site.
Only users running Windows XP are at risk, Samsung and Amazon said; Windows Vista is immune.
Hardware with malware has almost become a holiday tradition. Last January, for example, Best Buy Co. admitted that it had sold infected digital picture frames under its in-house Insignia brand during late 2007. Best Buy yanked the 10.5-in. frames from its stores but did not issue a recall.
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts