SD Card Invaders?

I haven't heard of this happening before. I'd say before any red flags are raised I'd make sure that those files aren't from your camera or software you use to upload photo's. If you have another SD card follow the same steps you did and see if the camera drops files onto it (besides the folder it creates per album). Then go to upload and see if it's software related.

I'm interested either way, obviously millions of people upload photo's everyday and if precautions need to be taken it would be a wonderful article to publish on CR4.

They definitely were not from the camera nor from my computer. I've been using this camera for some time now, and yes I have seen something like this once before on an SD card (that's once out of maybe hundreds of download operations) which had been shared with someone else, so I wasn't sure where it came from; and I have seen it once on my computer, now that I think of it, may have been in a file with photos.

These were .exe type programs (not used on a linux system). The one that caught my eye with an english name had "matlab" in the title. Not my software, and definitely nothing to do with my photo processing. The dates on these files were all between 1980 and 1983, and almost all labeled in Chinese or similar.

Wierd old stuff.

Well I went looking to see if I could find something about this. I haven't seen this story exactly, but I did find

(A) malware has been known to camo as a matlab.exe. http://www.file.net/process/matlab.exe.html That matches the product.

(b) I found a report of malware (circa 2005) that "redirects the execution using Image File execution" http://vil.nai.com/vil/content/v_135238.htm

So maybe there is malware around that already has an affinity for subverting image file processes, so when it gets in it goes looking for image files to hide with? I'm just guessing.

Why not use the usb cable to transfer pictures?

it goes through the usual virus checks, I use picasa, for most things, gimp for more detailed editing.

After having a card [XD] popout & land in a heater register, I never removed one again other than to install a larger capacity....

I find the cables more of a hassle. Go find the right cable.. Whereas the card is very handy (haven't toasted one yet..).

I think the junk on the SD card probably can't affect me in Ubuntu - .exe programs don't usually run under linux unless you are set up to do so. But it is bothersome that it got through my firewall, anyway. And of course, the card is now junk!

I guess this is just a variation of a past scam. Last year a friend purchased a flash drive (made in China) that was infected. Edmund

There have been incidents where malware was placed on SD cards and other removable devices in the last few years. I recommend having your spyware/anti-virus program scan the cards first.

The programs will probably track what you do on the computer - that is the info I got from my anti-virus provider.

Al

Are you using Maxthon as browser.

This happened to me also.

It also changed default site in chinese

no, not Maxthon.

I did some checking at one point on the origins of attempts that were caught by my firewall - a majority were Chinese in origin. So I guess it's no surprise!

SD cards pre-loaded with malware are now showing up all over. They all seem to be of Chinese origin. I seem to remember an article about this on the Kim Commando web site (very useful computer info source). Panda has an anti-malware program specifically for devices like thumb drives and SD cards. You are smart to be running Linux because, so far at least, the stuff all seems to be aimed at windows. In the mean time the best thing to do is to turn off the auto run function on computers running windows. If a thumb drive or SD card is in the computer when it is booted up the malware will run before the anti-virus program can kick in.

That's good practical advice: don't boot up with thumb drive or SD engaged.

I got a clean SD for my photos, and since the trouble seemed to get in over the internet, I'm now doing my photo transfers while offline, and removing the card before I go online.