Cryptowall 2- Warning, Question

Discussion in 'Digital Darkroom' started by eric friedemann, Nov 13, 2014.

  1. Last Friday, I was hit by a horrific malware program, Cryptowall 2. The technician working on my computer and trying to recover some documents and images that had yet to be backed up said it is THE worst malware program he's seen. I would first tell everyone to make sure your malware software is up-to-date, run it and keep running it. Cryptowall 2 is making the rounds.
    In trying to figure out where the malware came from and to prevent a reoccurrence, I'm concerned about the possibility that it might have crept back into the CPU of one or more of my digital cameras. I know malware can infect memory cards, my question:
    Can malware infect a digital camera?
     
  2. Short answer: it's extremely unlikely that an infected computer will actually infect a camera.
    Digital cameras are just computers with some optical stuff attached, so it's certainly possible to write malware for them. However, malware, like other software, has to be written for whatever platform(s) you want it to run on, so typically it's developed for one platform (mostly for Windows) and is incapable of running on any other. If it infects Windows PCs, it typically can't infect Macs and vice versa, even though they use the same CPUs. Your digital camera is likely unrelated to either of those OSes or to the hardware they use, so it should be safe.
     
  3. According to most articles since October this year when Cryptowall 2 was reported, it's spread the usual way - email attachments. It's easy to say "Don't do that", but sometimes we're busy, tired or go on autopilot and open attachments without triple checking the sources.
    There are so many spoofed emails now that it's easy to be fooled. Over the past couple of years I've received many spoofed emails purportedly from photo.net members. Same with acquaintances who have Yahoo email accounts - for some reason those seem to be spoofed more often than others. Sometimes their old email accounts have been hacked. Usually they're just spoofed. As a result I never click on links or attachments from anyone. I always verify them indirectly first.
     
  4. I'll worry about PC malware in my gear when the camera firmware is Windows (Oh wait!, we already have the camera in Windows Phone). There is malware crossing platforms from Windows into industrial control systems (Stuxnet, Dragonfly, BlackEnergy, etc.) so the engineering knowledge is out there. The effort/reward ratio for building cross-platform camera malware may not be high enough to target cameras with proprietary firmware, purpose-built CPUs, and short product cycles, so I consider the malware risk to cameras very low. However, if I receive an unsolicited email with an attachment to update my camera's firmware, I would follow Lex's advice and not fall victim to a phishing attack.
     
  5. A few weeks back there was a NOVA program on PBS about cyber attacks. A spokesperson/analyst from Norton was the main authority featured in the program. A malware was developed whose code operates with operating systems security in place of trying to circumvent it. The code was designed to seek out a specific target and affect it only. The target was the programmable controllers used in Iran's centrifuge for enriching Uranium. It worked. It reportedly set back their nuclear enrichment program 6 months. It is speculated that the U.S. and Israel governments worked together to develop the code. Neither government has denied nor confirmed it. The code was not intended to go public but it has.
    Iran's nuclear computer system is not connected to the internet in any way. Cd's, DVD's, flash drives with the code were labeled with various company info such as payroll backup and left in public places where employes of the centrifuges frequented during off times.
    All the more reason to pay attention to attachments and only download from trusted sites.
     
  6. Especially if you are trying to enrich uranium.
    I've had trouble with my centrifuges ever since.
     
  7. The malicious code directed the equipment to do one thing while reporting something different to the control and monitoring systems. Speed of 1000 rpm was reported as 500 rpm, temperature of 100°F reported as 75°F for example.
    The seriousness of this is the code can be modified to affect any piece of equipment using a CPU including your desktop, laptop, tablet, or cell phone or car.
     
  8. Every code can be modified to do anything that is possible to do to a piece of equipment capable of running code. Even if that means rewriting it to something completely different than it was. That's not serious or alarming.<br>Modifying code that operates an ultracentrifuge so it runs on and does damage to, say, a Canon D5 will be an example of that, of having to throw out everything except a part of the original concept and start coding from scratch again. Want the same virus to jump species, say to a Nikon D800? Keep the concept, scratch everything else and start coding again.
     

Share This Page