Worm found in new MP3 player

Discussion in 'Backup and Security' started by BigBubba, Apr 15, 2008.

  1. weird deal.. i bought a lil MP3 player from an ebay store. worked perfect, and still does. but my avast anti-virus detected ODBCASVC.exe, which = WORM_VB.CVY. i researched it a bit, and sure enuff, it travels via removable disks, like the player i purchased. i scanned the player and there it was. the player is supposed to be brand new! the clear protective plastic is still on it. would you ask for a refund? (it still works). just forget it?
    the thing is, this worm supposedly collects critical info and transmits via smtp :(
    now i'm paranoid about possible security breach
    http://stores.ebay.com/COMSIS-COMPUTER-WHOLESALER-LLC_FRISBY-MP3-PLAYERS_W0QQfsubZ10665185QQfrsrcZ1

    *it's been deleted with avast, so, pfft - no biggie i suppose. just caught me off guard, a virus from a new player of all things..
     
  2. bought something from ebay that was sourced from Hong Kong a few years ago with the same problem.

    I see a trend. That's why they can sell things so cheap. They make it up on credit card fraud.
     
  3. There were some brand new digital photo frames sold in major US retail stores that came from China with a worm pre-loaded into the frame. The worm on your device sounds a lot less of a problem than the one that came on the brand new photo frames.


    For the complete Photo Frame story read this...but be warned this is kind of scary.
    Virus from China the gift that keeps on giving
     
  4. I would never have thought of such a thing although I don't own any of the above devices. How would a worm on a digital photo do harm just curious? Do you give your SS # or CC # to an Ipod?
     
  5. no - but you hook said device to your home computer, to access mp3s or pictures, etc.. then the worm has access to your computer files..
     
  6. It's exactly as BigBubba said. You have to connect the Digital Picture Frame to your PC via USB cables to upload your pictures to it. As soon as the connection is made the worm infects your PC and even disables most known AV programs in the process. It then gathers what it wants and uses your internet connection to upload whatever data it wants. With this version of the worm the data it was looking for was passwords to MMORPG type games like World of Warcraft or Everquest. As the article states those in the industry feel it was a test run for something much bigger in the future.
     
  7. Thanks for the FYI I overlooked the obvious. Damn so how do I scan these items safely with avast? If I hook it up to my computer to scan aren't I vulnerable at that point?
     
  8. it's a good question.. i think if your AV is running and up to date, you're safe. but, i don't know that. i wonder if i was 100% safe with this worm. i don't know for sure. i apparently missed a warning from avast (i saw it when i checked the logs). i never considered scanning the player when i 1st connected it. also, a good firewall might catch an unauthorized transmission of you're info - should that be the intent of the virus. but gawd, i dunno, and these things are always changing their methods of attack.
     
  9. The only way you are safe is if your AV is newer than the virus/worm. It's a scary world when they can infect, Photo frames, MP3 Players, Cameras, and Cell Phones...basically anything that has any type of memory or storage and can connect to your PC is now suspect.
     
  10. Yikes, chastity belt for thine USB needed!

    You could plug it into a spare computer (with nothing sensitive) and run Eraser of it's memory... But even that isn't 100%, it could even be in some flash RAM like a BIOS.

    I would ask for a refund, and leave negative feedback saying the kind of BS the seller is running.
     
    #10     May 30, 2008