Feb 17, 2008 — Information About the Mocmex Trojan Is Published
February 17, 2008
On February 17, 2008, detailed information about a new and unusual piece of malware called Mocmex was published in the Seattle Post-Intelligencer.
At first glance, it looked like just another trojan. But the story behind it turned out to be much more serious. Mocmex became one of the best-known examples of a supply chain malware infection, long before the term became popular.
How It Started
The story began in early 2008.
Users started buying digital photo frames — simple devices that displayed photos from memory cards or internal storage.
Shortly after connecting the devices to Windows computers via USB, some users noticed strange activity. Antivirus programs began detecting unknown files.
Security researchers took a closer look.
February 17, 2008
On February 17, 2008, security analysts published detailed technical information about the trojan. The malware was named Mocmex.
The publication described how the trojan was preinstalled directly in the internal memory of certain digital photo frames before they reached customers.
This meant that users were infected the moment they connected the device to their computer.
What Mocmex Did
Mocmex was not a simple prank virus.
It attempted to steal login credentials and sensitive information from infected Windows systems. It also tried to download additional malicious components from remote servers.
Researchers discovered that the trojan used techniques that were advanced for the time, including encryption and obfuscation.
Who Investigated the Case
The investigation involved multiple security companies.
Among the first to analyze and publicly report the threat was McAfee Avert Labs. Other researchers and antivirus vendors later confirmed the findings and published their own reports.
The case quickly gained attention because the infection did not happen through email attachments or suspicious downloads. It happened through a consumer hardware device.
Why This Case Matters
In 2008, the idea that malware could be preinstalled on hardware at the factory level sounded alarming.
Today, we call this a supply chain attack. But at that time, it was still a rare and shocking event.
The Mocmex case showed that security risks do not start only when users click something wrong. Sometimes the risk is already present inside the product.
Years later, the world would see even larger supply chain incidents. But Mocmex remains one of the early warning signs.
It was a quiet but important moment in the history of cybersecurity.