Big W acts on photo kiosk viruses

Big W acts on photo kiosk viruses

Summary: Woolworths has confirmed that a "small number" of self-serve photo kiosks in its Big W stores have been exposed to malware.

SHARE:
TOPICS: Security, Malware
11

Woolworths has confirmed that a "small number" of self-serve photo kiosks in its Big W stores have been exposed to malware.

"In a small number of cases we have detected isolated viruses which have been introduced to the machines through a customer's USB device," Woolworths said in a statement to ZDNet Australia.

Security publication Risky.biz reported that a customer's USB key had been infected, attributing the infection to Big W's photo kiosks. ZDNet Australia contacted the customer, Queensland IT professional Morgan Storey, who confirmed that his USB key was infected after his wife visited Big W's Mount Gravatt store last Monday to print photographs using one of the photo kiosks.

Storey said that he received the USB key back from his wife last Tuesday, only to discover it had been infected with a virus.

Nationally, Big W has 1800 photo kiosks, parent company Woolworths said in a statement. It said that there was a "very low risk" of viruses spreading via its photo kiosks, but it was now "working closely" with its partner, Fujifilm, to test and roll out appropriate antivirus software.

"We are already testing antivirus software in several stores and will begin rolling this out nationally in the coming months," it said.

In the meantime, it said customers could further reduce the "already minimal" risk by "avoiding USB sticks and instead using CDs, DVDs and memory cards when at a photo kiosk".

Topics: Security, Malware

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

11 comments
Log in or register to join the discussion
  • Clearly this guy doesn't know what he's talking about, Autorun.inf based malware infects pretty much all removable media especially memory cards and USB.
    for users that share information using USB devices/Memory cards I recommend the Panda USB Vaccine program available on download.com this program innoculates USB keys and host systems from Autorun.inf based malware, Additionally steer clear of Symantec and McAfee both are useless the company I work for use SEP 11.5.0 with TruScan and all the other fruit activated it still fails to detect autorun.inf based malware correctly
    Autorun.inf malware also likes to hide in c:\recycler\random SID
    rather tricky to find unless you know what you are looking for.
    There are a number of free antivirus/internet security packages available off of the internet these include: AVG, Avast, Comodo, and many more however you do get what you pay for in certain circumstances except in the case of Symantec
    the_hunteroz
  • Jegar, maybe this guy does know what he is talking about, but didn't quite elaborate on how?? For example, it seems a little too obvious to me, to the point I'm even questioning myself haha but I can't see any flaw in my logic ...... What about if the memory card has a write protect tab as may be the case with say an SD or CF card? ..... I can't see how a virus on an infected kiosk is going to bust through a write protect tab if the card was set to read-only ?
    riv-fb374
  • Wow has it really taken his long to get to Australia? I was working in China 4 years ago and this malware was *everywhere*. People got it from infected USB keys, camera cards, cameras (when plugged in via USB cables), iPods, photo frames...etc...in fact anything that was USB storage based and automatically mounted in Windows.

    One of the main reasons I began to use Ubuntu Linux was to fix infected machines and USB devices. Linux is immune to this malware. It's just another file to Linux, so you can mount all the devices and erase the autorun.inf file and the associated .exe files (just open the .inf to discover their locations) without being infected.

    For this reason, I never stopped using Ubuntu Linux and still do to this day. If you are at all serious about security you will too.

    However, the thing that REALLY scares me...ATMs run embedded Windows... *shudder*
    (and yes, I know they are on their own networks, but what happens if one day...)
    hamrag.yattletrot
  • No insult at your high reasoning skills there Jegar, but surely the point the woolworths team was trying to make is that the Kiosks cant infect your cd's therefore you wont take any such viruses back home.
    trentyn.c@...
  • I just put my USB stick in from one I used on the weekend to print some photos and it has come up detected the same virus!
    Category: Worm

    Description: This program is dangerous and self-propagates over a network connection.

    Recommendation: Remove this software immediately.

    Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the 'Allow' action and click 'Apply actions'. If this option is not available, log on as administrator or ask the local administrator for help.

    Items:
    file:C:\Windows\Temp\tmp000070b9\tmp000029a2->(UTF-16LE)
    file:E:\autorun.inf->(UTF-16LE)
    filelocalcopy:\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{66310E28-7AF1-43A4-8D48-A28550818018}-autorun.inf
    Dan A
  • Dan which store was it, this could be more endemic than we have realised.
    changlinn
  • This was the Port Macquarie Big W store. They also said they had just rebuilt the server due to "issues" and lost all the member information...hmmmm, not that it helped much by the looks of it.
    Dan A
  • Hi Everyone, I am Morgan Storey, didn't realise something I thought was so pedestrian would get so much press.
    @Jegar : Completely agree, it probably does infect cf/sd/mmc cards as well, can't tell you as we find it takes to long to load up all the images from a 4-16gb mmc.

    @riv: From what I have seen in other comments on this story, that write protect tab is only honored via software not hardware, so a virus could bust through, can't say I have tested it.

    @hamrag.yattletrot: I don't think it has taken that long to come to Australia, I have seen a few displays with crash messages and other odd behaviour, none I could conculsively say was a virus. I didn't even think it was a big deal when I blogged about it, just humourous.
    I think it is a little scary for any OS to not be in a locked down, security in layers config. I remember hearing a report that there were already viruses kicking around on some walled off ATM networks, probably due to insiders, but still scary. I think though at the moment Linux is blessed due to its smaller install base, bad guys are just as smart and smarter than us they will work out how to write malware for linux, mac, BSD, and whatever comes along. I personally like Linux, but like the saying a computer is only as good as its user.

    Personally I can't see wasting CD's to burn a handful of photos, we will stick to the USB key and keep a better eye on it.
    changlinn
  • eep, I'd suggest sending your booth number on your docket to bigw so they can investigate, I'd love to get hold of one of these machines to see when it was infected and where else it has bounced around to.
    changlinn
  • These card readers have actually been locked down to only read and not write to cards so that part should actually be correct. The USB autorun is all turned off in windows via method 1 here:
    http://support.microsoft.com/kb/967715
    This apparently still doesn't stop autorun viruses so I'm wondering how can you lock the autorun off completely in XP??
    jazeboy
  • But it isn't, it was written to, I have the time the photos where printed, and the file (virus) creation time... they differ by ten minutes 2:35 and 2:25 respectively.
    The other option if you think Autorun is not working (of course I would test it cause I have used that KB and it does stop conficker autorun), a software restriction policy, or a completely different os, or maybe updates and updated AV.
    changlinn