A batch of China-made media players sold over the holidays by a Dutch importer was found to carry malware. PCWorld, citing a Kaspersky blog post, identified the malware to be a worm. Trend Micro detects it as PE_FUJACKS.FL-O, a file infector that propagates not only via removable drives but also via network shares.
The particular model involved is the 512 MB USB media player called Victory LT-200, which is sold by Victory Nederland. By the first week of January, only three customers have complained about the malware, according to the company’s managing director, Joost Blom, in an interview with PCWorld.
This file infector searches the affected system for files with the following extensions:
These infected files are detected as PE_FUJACKS.EA.
The Victory LT-200 is the latest in a long list of USB media shipped with malware. It can be recalled that October 2006 saw two such incidents, when iPod videos manufactured after September 11 of that year were shipped with WORM_SIWEOL.A and when McDonald’s Japan recalled MP3 player freebies when these were found to be infected by WORM_QQPASS.ADH.
In the same year, satellite navigation devices called TomTom GO 910 shipped between September and November were confirmed to contain two Trojans detected as TROJ_PERLOVGA.A and TROJ_GENERIC. In 2007, another USB infection was seen, this time involving a rootkit detected as RTKT_XCP.B, which is installed along with the Sony MicroVault USM-F fingerprint reader application. This app allows a user to restrict access to files stored in the Sony MicroVault USM-F USB drive through the recognition of user-preset fingerprints.
This latest USB incident again serves as a reminder that new doesn’t always mean safe. Be careful of plug-and-play peripherals that could bring off-the-shelf malware. Lucky for Trend Micro customers, they are now protected from this threat.