News & Observer | newsobserver.com |


Your digital photo frame infected?

Some carried malicious code

- San Francisco Chronicle

Published: Sat, Jan. 03, 2009 12:30AM

Modified Sat, Jan. 03, 2009 02:56AM


Digital photo frames were one of the best-selling consumer electronics products this holiday season, but some of them carried a nasty surprise -- malicious software code that tried to hop onto personal computers when the frames were plugged in.

These popular devices are now so powerful that they've become computers in themselves, although people who buy them don't always realize that. And like computers, the frames are capable of carrying code that logs keystrokes, steals data and calls out to other malicious code once it's installed itself on a PC.

No one knows how many digital photo frames were infected. But the Consumer Electronics Association estimated that 7.4 million such frames were sold in 2008 -- up 41 percent from 2007 -- and projected that sales would jump again this year by 33 percent to more than 9.8 million frames.

WHAT TO DO

* If you're a computer expert, turn off Autorun in Windows and configure Windows to show hidden files.

* If you're not an expert, don't try this. Keep your antivirus software turned on and up-to-date. Also consider software from vendors such as Novashield, Threatfire and Sana Security that detects malicious code by studying its behavior on your PC.

* Consider finding a friend with a Linux machine to examine your photo frame before you plug it into your PC.

* Consider switching to Macintosh or Linux, although know that no operating system is 100 percent secure.

* Buy photo frames manufactured by vendors with known, reputable brands.

SAN FRANCISCO CHRONICLE RESEARCH

Among the frames reported to be infected were a Samsung 8-inch frame sold by Amazon.com, an Element 9-inch frame sold by Circuit City and a Mercury 1.5-inch frame sold by Wal-Mart.

Amazon.com has e-mailed warnings to customers about the Samsung frame, but a Circuit City spokesman said the retailer wasn't aware of any infections. A Wal-Mart spokeswoman said the company would remove the Mercury frames from its Web site.

American consumers shopped hard for bargains this year, and digital photo frames have been good deals. Wholesale prices continue to drop. Wal-Mart has been selling the Mercury frame, which comes embedded in a key chain, for $24. But the infected frames also show how risky it is to live with a global supply chain where the cost of buying products at the lowest price means those products can vary widely in quality.

The Mercury photo frames sold by Wal-Mart, for example, were manufactured by Kobian, a company with headquarters in Singapore, factories in India and dedicated subcontract facilities in China, according to the company's Web site. No offices were listed in the United States. Kobian could not be reached for comment.

It's other devices, too

This year's crop of malicious code varied in its potential destructiveness, but some of what reportedly was found on the frames was old code that was easily detected by antivirus software. It all spreads by taking advantage of a feature in Microsoft Windows called Autorun that makes digital frames and other electronic devices run automatically when they're plugged into a PC.

Microsoft turns on Autorun by default to make these devices easier to use, although security experts routinely tweak Windows so that Autorun is turned off. Microsoft, however, advises against this. Turning off Autorun is not a simple step, said Ziv Mador, a senior program manager at Microsoft's malware protection center, and PC users who try it are likely to wind up confused.

"They're used to entering a CD (or plugging in a frame) and it loads automatically, and that will not work anymore," he said. "The important thing is to have up-to-date antivirus software and keep it turned on. That will mitigate much of the risk."
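The check suggested in the sidebar, examining a frame from a Linux machine before it touches a Windows PC, can be scripted. The following is an added example, not part of the original article: it walks a mounted volume, reports which programs a root-level `autorun.inf` would ask Windows to launch, and lists files with executable extensions. The sample file names are constructed, and the script does not read FAT hidden attributes.

```python
import os
import sys
import tempfile

LAUNCH_KEYS = ("open", "shellexecute")  # autorun.inf keys that name a program
EXEC_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".dll"}

def parse_autorun(text):
    """Return (key, value) pairs from [autorun] that launch a program."""
    hits, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line or line.startswith(";"):
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        k = key.lower()
        if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command")):
            hits.append((k, value))
    return hits

def scan_volume(root):
    """Inspect a mounted volume by reading only; nothing on it is executed."""
    report = {"autorun": [], "executables": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if dirpath == root and name.lower() == "autorun.inf":
                with open(path, "r", encoding="latin-1") as fh:
                    report["autorun"] = parse_autorun(fh.read())
            elif os.path.splitext(name)[1].lower() in EXEC_EXTS:
                report["executables"].append(os.path.relpath(path, root))
    report["executables"].sort()
    return report

def demo():
    """Build a constructed sample volume in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AUTORUN.INF"), "w") as fh:
            fh.write("[AutoRun]\r\n; constructed sample\r\nOpen=setup.exe\r\n"
                     "icon=frame.ico\r\nshell\\explore\\command = setup.exe /q\r\n")
        for name in ("setup.exe", "photo1.jpg"):
            open(os.path.join(root, name), "wb").close()
        return scan_volume(root)

if __name__ == "__main__":
    print(scan_volume(sys.argv[1]) if len(sys.argv) > 1 else demo())
```

Run it with the frame's mount point as the only argument. A photo frame's storage has little reason to carry launch entries or executables, so any hit is worth a closer look before the device goes near a Windows machine.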

Paul Ferguson, a security researcher at Trend Micro in Cupertino, Calif., said not all infections are caused by digital photo frames. Memory sticks, digital cameras, thumb drives and other devices that run by connecting to a PC can all carry viruses.

In November, the Department of Defense banned the use of all removable storage devices in order to halt the spread of a worm on its networks, according to reports.

In May, infected memory sticks were accidentally handed out at a computer security conference run by Australia's national Computer Emergency Response Team.

"It was very embarrassing, but this stuff always needs to be suspect," Ferguson said.

All rights reserved. This copyrighted material may not be published, broadcast or redistributed in any manner.
