Results 1 to 4 of 4

Thread: A powerful new Trojan Horse causing concern

  1. #1
    itscarole Guest

    Default A powerful new Trojan Horse causing concern

    Has anyone had any problems with this yet? This article was picked up in our local paper.

    By DEBORAH GAGE, San Francisco Chronicle

    An insidious computer virus recently discovered on digital photo frames has been identified as a powerful new Trojan Horse from China that collects passwords for online games -- and its designers might have larger targets in mind.<div class="content">

    &quot;It is a nasty worm that has a great deal of intelligence,&quot; said Brian Grayek, who heads product development at Computer Associates, a security vendor that analyzed the Trojan Horse.

    The virus, which Computer Associates calls Mocmex, recognizes and blocks antivirus protection from more than 100 security vendors, as well as the security and firewall built into Microsoft Windows. It downloads files from remote locations and hides files, which it names randomly, on any PC it infects, making itself very difficult to remove. It spreads by hiding itself on photo frames and any other portable storage device that happens to be plugged into an infected PC.

    The authors of the new Trojan Horse are well-funded professionals whose malware has &quot;specific designs to capture something and not leave traces,&quot; Grayek said. &quot;This would be a nuclear bomb&quot; of malware.

    By studying how the code is constructed and how it's propagated, Computer Associates has traced the Trojan to a specific group in China, Grayek said. He would not name the group.

    The strength of the malware shows how skilled hackers have become and how serious they are about targeting digital devices, which provide a new frontier for stealing information from vast numbers of unwary PC owners. More than 2.26 million digital frames were sold in 2007, according to the Consumer Electronics Association, and it expects sales to grow to 3.26 million in 2008.

    The new Trojan also has been spotted in Singapore and the Russian Federation and has 67,500 variants, according to Prevx, a security vendor headquartered in England.

    Grayek said Mocmex might be a test for some bigger attack, because it's designed to capture any personal, private or financial information, yet so far it's only stealing passwords for online games.

    &quot;If I send you a package but it doesn't explode, why did I send it?&quot; he said. &quot;Maybe I want to see if I can get it out to you and how you open it.&quot;

    The initial reports of infected frames came from people who had bought them over the holidays from Sam's Club and Best Buy. New reports involve frames sold at Target and Costco, according to SANS, a group of security researchers in Bethesda, Md., who began asking for accounts of infected devices on Christmas Day. So far the group has collected more than a dozen complaints from people across the country.

    The new Trojan isn't the only piece of malware involved. Deborah Hale of SANS said the researchers also found four other, older Trojans on each frame, which may serve as markers for botnets -- networks of infected PCs that are remotely controlled by hackers.

    There is W32.Rajump, which deposits the same piece of malware that infected some of Apple's video iPods during manufacturing in October 2006. It gathers Internet Protocol addresses and port numbers from infected PCs and ships them out, according to Symantec. One destination is registered to a service in China that allows people to conceal their own IP addresses.

    Then there is a generic Trojan; a Trojan that opens a back door on PCs and displays pop-up ads; and a Trojan that spreads itself through portable devices like Mocmex does.

    How all this malware got onto the photo frames and what it's doing there is unclear. Trojans can download other Trojans, which is part of how botnets are controlled.

    While SANS is investigating the infections, the retailers are saying little.

    Sam's Club said it has found no infected frames, and its distributor, Advanced Design Systems, did not return calls seeking comment.

    A few Target customers complained about frames distributed by Uniek, a store spokesman confirmed. Target is no longer selling those frames, but that's because the frames didn't sell well over the holidays, he said. Target has found no infections, he said, but is watching for them.

    Best Buy said one line of its Insignia frames -- also now discontinued -- was infected during manufacturing, but would not provide details.

    (E-mail Deborah Gage at dgage(at)

    (Distributed by Scripps Howard News Service,

    Operating System:Windows XP Home Edition
    Software Version:5.x
    Product Name:ZoneAlarm Pro

  2. #2
    tonylima Guest

    Default Re: A powerful new Trojan Horse causing concern

    The date on this post is June 3, 2004!
    Yet this is the only reference to Mocmex I can find on the ZA site.
    I really need to know whether ZoneAlarm can handle Mocmex.
    Tony Lima

  3. #3
    naivemelody Guest

    Default Re: A powerful new Trojan Horse causing concern

    &quot;The date on this post is June 3, 2004!&quot; = actually that's the date the original poster registered in ZA forums - the day this post was made is ' 02-18-08' Please read carefully.<hr>Mocemex - this issue has been publicly recognized. Click here &gt;;;sa=N
    - go ahead read thru several of the search entries.<hr>From CA - read this/ click here &gt;

    Also known as:
    Trojan:Win32/Agent (MS OneCare), WORM_AGENT.TBH (Trend), W32/Autorun.worm.e (McAfee), Mal/Emogen-N (Sophos), Trojan Horse (Symantec), Packed.Win32.NSAnti.r (Kaspersky)<hr>If you have ZA Anti-virus or ZA Suite - the Kaspersky av will recognize it and there are several other layers of defense within ZA firewall products. Since Feb. security companies have had some time to recognize/ and or improve
    'methods' to handle this particular threat. Avoid the use of these types of digital photo frames/ portable storgae devices
    - at all cost. The CA link provides good info on the threat.<hr>:0NaiveMelody NYC 6-14-08 - Battle Without Honor Or Humanity ( theme music from Kill Bill movie) - Tomoyasu Hotei

  4. #4
    tonylima Guest

    Default Re: A powerful new Trojan Horse causing concern

    I apologize for my inability to read.
    Thanks for the info. - Tony Lima

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts