Major Retailers Unwittingly Sell Data Stealing Keystroke Loggers

Tue, 27 Jan 2009 16:41:59 EST

Deborah Gage the San Francisco Chronicle first reported an unexpected "benefit" on the very popular digital photo frames. She reported the photo frames sold by Amazon, Circuit City, Wal-Mart/Sam's Club, Best Buy, Target and Costco all have one thing in common.

That is some malicious software.

This isn't saying the photo frame itself is going to attack the viewer or deface the pictures. Instead, the photo frame has become a new way to install keystroke logging (and other data stealing software) into the digital photo frame so that when you are loading pictures, the malicious software infects your PC, the same way a malicious website or e-mail might.

One of her examples that particularly caught my attention was the Mercury 1.5 inch keychain frame, which retails for under $25. Wal-Mart was unaware of the issue until the San Francisco Chronicle informed the company.

Consumers are used to computers, looking like, well, computers. It doesn't dawn on the average person that todays mobile phones such as the iPhone, and others in the genre are really mobile computers. So it is even less surprising that virtually no one understands digital photo frames are in fact, computers. And, and that they can carry malicious software (Trojans, worms, viruses, etc). The SF Chronicle's report reveals that the can is in fact, a very good possibility.

If you already have one of these digital photo frames the best security advice is keep your antivirus software up-to-date. The good news is , once one of the infected digital photo frames is out the door from its manufacture, (currently) there is no way for the bad code to update itself, unless you have selected one that has a wireless Internet connection for easy updating. It stands to reason that easy updating of the pictures, would also allow easy updating of the malicious software.

TRCB.com RSS Feed

Major Retailers Unwittingly Sell Data Stealing Keystroke Loggers