For the second year in a row, some of those digital photo frames lying under the Christmas tree may come with a nasty surprise.
Samsung says that CDs that shipped with many models of its digital photo frames may have included a malicious Trojan horse program that gives cyber criminals access to the PC.
The malicious software, known as W32.Sality.AE lies in the XP version of Samsung's Frame Manager 1.08 software, which ships with many other models of Samsung frames.
A malware reaches a host PC only if Frame Manager is loaded from the CD, which can convert the digital photo frame to a USB monitor. It doesn't affect Windows Vista users. W32.Sality.AE has been known in the security community since April and is detected by antivirus software.
CDs with malicious code may have also shipped with the digital photo frame models SPF-75H, SPF-76H, SPF-85H, SPF-85P, SPF-105P, Samsung wrote in an alert (pdf) it issued in late November.
Samsung recommends users to download and install the updated version of Frame Manager XP software available from the Download Center at Samsung.com.
Earlier last week, Amazon.com issued an alert saying the worm affects Amazon buyers of the SPF-85H 8-inch digital photo frames sold between October and December 2008 for about US$150.
The story was first reported by German publication PC Professionell earlier this month.
This is not the first time that viruses have shipped along side digital photo frames. Last year, retailer Best Buy Stores said it had sold digital picture frames that were contaminated with a computer virus. The digital picture frame was an in-house brand called Insignia, and that specific model with the virus was later discontinued by US retailer Best Buy.