Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"Police body cams found pre-installed with notorious Conficker worm",ArsTechnica


  • Please log in to reply
4 replies to this topic

#1 Dazzzler

Dazzzler

  • Banned Spammer
  • 45 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:54 PM

Posted 15 November 2015 - 05:38 AM

US-based iPower Technologies has discovered that body cameras sold by Martel Electronics come pre-infected with the Conficker worm (Win32/Conficker.B!inf).

The specific line of body cameras iPower tested, is the same one sold to police forces around the US, used by street patrol officers and SWAT team members in their operations.

The model, Frontline Body Camera, is attached to an officer's chest and works by recording his activities on video, his location using a GPS tracker, and taking regular snapshots as images.

The camera records data on an internal drive, from where the officer or his supervisors can download it onto a computer via a USB cable.

According to iPower's account, this is where they've spotted the infection.

Read more : http://news.softpedia.com/news/police-body-cameras-shipped-with-pre-installed-conficker-virus-496177.shtml


Edited by hamluis, 17 November 2015 - 01:09 PM.
Merged topics - Hamluis.


BC AdBot (Login to Remove)

 


#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:24 AM

Posted 15 November 2015 - 08:19 AM

 

Win32/Conficker.B!inf

The inf part of the signature name indicates that an autorun.inf file was detected. This is one way that Conficker uses to spread.

In case of a real infection, the Conficker executable (PE file) should also be detected. This doesn't look to be the case here. What probably happened is that the camera was connected via USB to an old computer infected with Conficker, which "infected" the camera. Then the camera was connected via USB to another computer with AV, which detected and removed the Conficker executable, but not the autorun.inf file.

And then the camera came into the hands of the company whose AV detected the autorun.inf and then proceeded to released this press release to warn us about IoT devices.

 

Conficker is Windows malware. Most IoT devices run Linux.


Edited by Didier Stevens, 15 November 2015 - 08:20 AM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:09:24 AM

Posted 15 November 2015 - 11:18 AM

The detection name is used by Microsoft.

The company's IT team was evaluating a new batch of body cameras they had just received from Martel, and after unwrapping and connecting one to a computer, they were alerted by their security solution of the Conficker infection.

This company uses MSE for Business (or something like that)?

#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,607 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:24 AM

Posted 17 November 2015 - 09:57 AM

One of the world's most prolific computer worms has been found infecting several police body cameras that were sent to security researchers, the researchers reported.

According to a blog post published last week by security firm iPower, multiple police cams manufactured by Martel Electronics came pre-installed with Win32/Conficker.B!inf. When one such camera was attached to a computer in the iPower lab, it immediately triggered the PC's antivirus program. When company researchers allowed the worm to infect the computer, the computer then attempted to spread the infection to other machines on the network.


Thread: http://arstechnica.com/security/2015/11/police-body-cams-found-pre-installed-with-notorious-conficker-worm/

For those who don't know what Conficker is.

https://en.wikipedia.org/wiki/Conficker
https://www.microsoft.com/security/pc-security/conficker.aspx
https://www.sophos.com/en-us/support/knowledgebase/51169.aspx

This doesn't surprise me, since I still get from time to time Conficker detection in our firewall (yes, it's still out there).

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 Jprocks

Jprocks

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:24 AM

Posted 17 November 2015 - 12:11 PM

I should be surprised that they came infected from a supplier to the police force.

However having had dealings with the police here in the UK I am not.

Just wish they would learn how to implement proper safeguards everywhere.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users