German customers of retail chain Tchibo got quite a bonus when buying a Hama-manufactured slide scanner: one of the most devastating pieces of malware in the past five years.
According to a report by Heise Security, the Win32.Worm.Downadup.B (also known as Conficker.B) worm was hidden on the device's SD card, along with a specially crafted autorun.inf file meant to execute the worm when the card is plugged into a computer. However, since Microsoft has patched the Autorun behavior to prevent automated malware execution, most Windows users will not get infected when they plug the card in.
Interestingly, the piece of malware is present in a file called DCIM.exe. As most operating systems are instructed to hide known file extensions, the user could easily mistake the virus for the DCIM folder where the scanned pictures are stored and click the malicious file, which would initiate the infection.
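A defender's check for the two lures described above (an autorun.inf launch entry and an executable named like a folder in the same directory), as an added example that is not from Heise Security or the original article. The function names, the extension list and the sample card contents are assumptions constructed for illustration; the actual autorun.inf from the scanner's card is not reproduced here.

```python
import os
import tempfile

# Assumed list of extensions Windows treats as directly runnable.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}

def autorun_targets(root):
    """Commands that an autorun.inf in the volume root asks Windows to launch."""
    name = next((n for n in os.listdir(root) if n.lower() == "autorun.inf"), None)
    if name is None:
        return []
    targets = []
    # Line-based and latin-1 so padded or malformed files still parse.
    with open(os.path.join(root, name), encoding="latin-1") as fh:
        for line in fh:
            key, sep, value = line.partition("=")
            key = key.strip().lower()
            if sep and (key in ("open", "shellexecute") or key.endswith("\\command")):
                targets.append(value.strip())
    return targets

def folder_lookalikes(root):
    """Executables whose name, minus extension, equals a folder in the same root."""
    entries = os.listdir(root)
    folders = {e.lower() for e in entries if os.path.isdir(os.path.join(root, e))}
    return sorted(
        e for e in entries
        if os.path.isfile(os.path.join(root, e))
        and os.path.splitext(e)[1].lower() in EXEC_EXTS
        and os.path.splitext(e)[0].lower() in folders
    )

def build_sample_card():
    """Constructed stand-in for the SD card: harmless bytes, invented autorun.inf."""
    root = tempfile.mkdtemp(prefix="sdcard_")
    os.mkdir(os.path.join(root, "DCIM"))
    with open(os.path.join(root, "DCIM.exe"), "wb") as fh:
        fh.write(b"not a real executable")
    with open(os.path.join(root, "autorun.inf"), "w", encoding="latin-1") as fh:
        fh.write("[autorun]\nopen=DCIM.exe\n")
    return root

if __name__ == "__main__":
    card = build_sample_card()
    print("autorun launches:", autorun_targets(card))
    print("folder look-alikes:", folder_lookalikes(card))
```

Pointed at the root of a mounted card instead of the sample directory, either function returning a non-empty list is a reason to inspect the card before opening anything on it.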
Although it has received no updates in years from its creators, the Conficker worm is still making the rounds in Germany. A Bitdefender survey in the second half of 2012 placed it as the fourth most common threat in the DACH region. The virus blocks access to websites of antivirus companies and support forums, and prevents the user from installing certain software applications. The virus is then used to plant rogue security solutions on the victim's PC in an attempt to extort the user.
Tchibo has taken the issue extremely seriously and now offers refunds to any customer who wants to return their affected devices. However, computer users who have an antivirus solution installed on their machines can just plug the card in and let the antivirus automatically remove the files.