AV-lacking photo printing kiosks propagating malware
Users of the Windows-based Fuji photo kiosks set up in Big W retail stores all over Australia are in danger of having their USB drives – and, consequently, their computers – infected by malware.
The fact was discovered by IT consultant Morgan Storey, who found a suspicious file on a USB drive his wife used to carry pictures she wanted to develop at a Fujifilm DPC XTR sit-down photo kiosk located at a Big W store in Mt Gravatt, a suburb of Brisbane.
A quick scan with an anti-virus solution revealed that the stick was infected with Trojan.Poison-36, a phone home Trojan that tries to prevent antivirus software from doing their job, then tries to download other malware onto the system.
He notified the retail chain about the incident, and according to Risky.biz, he received the following reply:
According to this, until now, the kiosks didn’t have ANY anti-virus software installed.
“It is something they could have designed against, by using a software restriction policy, or simply making the USB devices read only via policy, or hey you know Antivirus that at least occasionally gets updated,” says Morgan in his blog post. “My problem with this issue, is that there seems to be little design that has gone into a system that thousands of people probably use a week, and little concern for users of these systems, how many people are going to get home and infect their systems, how many are going to not realize it was due to the dodgy kiosk they used and then blame the internet, Microsoft, or their kids.”