More Infected Digital Picture Frames

Gregg Keizer of ComputerWorld has reported a malware event eerily similar to last year's Best Buy snafu: More infected digital picture frames, this time from Samsung and distributed through Amazon. According to Keizer, "Samsung did not specify how the malware got on the CD, or how it escaped its quality control checks."

The malware is a variant of Sality, a file infecting virus that infected the Windows XP driver file somewhere within the Samsung networks, and which was then subsequently distributed on certain models of Samsung digital picture frames. Interestingly, the Samsung support notice (PDF) sent to affected customers says the issue can be resolved by uninstalling the old tainted driver and installing an updated version. Of course, nothing could be further from the truth. As a file infecting virus, Sality would quickly spread to other executable files on the system and it includes a downloader which installs additional malware via the Web. Sality also includes an autorun worm component, so the infection would quickly spread to USB thumb drives and other removable/discoverable drives. (See How to Disable Autorun to prevent autorun worms from spreading).

If you purchased a Samsung digital photo frame from Amazon.com prior to November 27th and you installed it on Windows XP (which was the infected driver file), your system would have been infected. You'll want to uninstall the digital frame driver, scan the system with up-to-date antivirus software and allow it to clean any Sality infected files and remove any other malware the scanner finds. Sality disables antivirus software on infected drives and it prevents access to certain security websites. You may need to use a clean computer to create a bootable antivirus rescue CD and use that to scan the infected computer(s). After which, you can proceed at your own risk and install a new driver from Samsung if you dare.