Olympus cameras shipping with a surprise: Malware

Olympus has issued a warning to customers who bought the relatively new Stylus Tough 6010 shockproof and waterproof camera, informing them that their new cameras may have come with surprise malware on the internal XD cards. 

The malware can't actually infect the camera itself, but it is similar to the Samsung Wave which shipped last year with malware on its internal memory. The malware found on the internal memory card uses autorun to automatically launch itself and infect the PC it's attached to. 

Apparently not all the cameras are infected though, only around 1700 are affected - you can check this through entering your serial number into a form on the companies website, although it is in Japanese. In the warning, Olympus said it "humbly apologises" and is looking to improve its quality control procedures in the future. 

In the blog post by Sophos, the company says that "With such a long history of incidents like this, more companies need to wake up to the need for better quality control to ensure that they don't ship virus-infected gadgets. At the same time, consumers should learn to always ensure Autorun is disabled, and scan any device for malware, before they use it on their computer."

Report a problem with article
Previous Story

Google protests Apple's new developer program rules

Next Story

Length Doesn't Matter: Twitter forcing universal URL shortening soon

17 Comments

ObiWanToby said,
Does the factory these places produce this at have malware, or do the devs? I mean how? Is there someone on the inside?

I'm guessing an angry employee?

andrewbares said,

I'm guessing an angry employee?

Or just someone doing a quality check (or 'borrowing' a unit) and connecting it to an infected PC.

Seems pretty reasonable, to me.

markjensen said,
Or just someone doing a quality check (or 'borrowing' a unit) and connecting it to an infected PC.

Seems pretty reasonable, to me.

Borrowing 1700 of them?

Does anyone really have autorun enabled these days? It's really one of the dumbest features an OS could have. Why Microsoft hasn't completely removed it by now is a mystery to me.

Skyfrog said,
Does anyone really have autorun enabled these days? It's really one of the dumbest features an OS could have. Why Microsoft hasn't completely removed it by now is a mystery to me.

Autorun for non-optical devices got removed in Windows 7, and Microsoft released updates to remove it in other versions of Windows too.
http://support.microsoft.com/kb/971029
Since it is on the memory card, then guess anybody with Windows 7 or any updated version of Windows shouldn't worry.

kInG aLeXo said,

Autorun for non-optical devices got removed in Windows 7, and Microsoft released updates to remove it in other versions of Windows too.
http://support.microsoft.com/kb/971029
Since it is on the memory card, then guess anybody with Windows 7 or any updated version of Windows shouldn't worry.

Removed? Where? I insert usb drive, oh autorun, I pop in a multimedia card, autorun, I connect a usb hdd or esata hdd, oh autorun... Hence, even internal sata have autorun...

BTW, MAC also have autorun, it's not a "feature" of windows. And this feature, implemented in windows 95 or 98 if I recall, was specially for people like momy and dady who don't have knowledge in computer. You do know some people are using computer but don't even know what a file is?

Nodiaque said,

Removed? Where? I insert usb drive, oh autorun, I pop in a multimedia card, autorun, I connect a usb hdd or esata hdd, oh autorun... Hence, even internal sata have autorun...

BTW, MAC also have autorun, it's not a "feature" of windows. And this feature, implemented in windows 95 or 98 if I recall, was specially for people like momy and dady who don't have knowledge in computer. You do know some people are using computer but don't even know what a file is?


By AutoRun I meant that Windows executes whatever commands are in the device\autorun.inf file.
That "behavior" is no longer there in Windows 7, except for optical devices (eg CD\DVD), if you put USB or HDD and it have autorun.inf inside it Windows will not even try to read it or execute any commands inside it (eg execute another program in the device which could be malware).
Read here for more info: http://blogs.technet.com/b/srd...n-changes-in-windows-7.aspx
and:
http://windowshelp.microsoft.c...-9615-e2c3bfd92b751033.mspx
And yes, some people don't know, or atleast shouldn't care what a file is or what file to click, if I buy a DVD for a game\movie I prefer that once I put it, it just starts the game or the movie instead of me trying to figure out which file to click etc.

Nodiaque said,

Removed? Where? I insert usb drive, oh autorun, I pop in a multimedia card, autorun, I connect a usb hdd or esata hdd, oh autorun... Hence, even internal sata have autorun...

BTW, MAC also have autorun, it's not a "feature" of windows. And this feature, implemented in windows 95 or 98 if I recall, was specially for people like momy and dady who don't have knowledge in computer. You do know some people are using computer but don't even know what a file is?

Sounds like you haven't used a Mac in a long time. Apple removed this stupid feature a long time ago. Autorun is a security nightmare and shouldn't be in any OS, and if "mommys and daddys" are too ignorant to use their computer without crap like this maybe they should take some time to learn. There would be a lot less malware spread around the world if not for clueless people.

How can this even happen...

I thought the cards were simply just formatted at low-level on dedicated machines, not on random infected Windows PC's.

Northgrove said,
How can this even happen...

I thought the cards were simply just formatted at low-level on dedicated machines, not on random infected Windows PC's.

This could easilly happen...
1) A Quality Assurance employee visits a website and downloads some file that contains malware that has the ability to replicate itself.
2) Employee connects one of these devices to his PC in order to do some testing on it (his job...)
3) Malware detects the external storage device and replicates itself there.
4) QA person deciceds the device is good, unplugs it, and sends it off to shipping.
5) Store sells it, and hell freezes over...

Conjor said,

This could easilly happen...
1) A Quality Assurance employee visits a website and downloads some file that contains malware that has the ability to replicate itself.
2) Employee connects one of these devices to his PC in order to do some testing on it (his job...)
3) Malware detects the external storage device and replicates itself there.
4) QA person deciceds the device is good, unplugs it, and sends it off to shipping.
5) Store sells it, and hell freezes over...

I don't think it is a mistake or accident. It was done on purpose.

Commenting is disabled on this article.