Trojan Found In New HDs Sold In Taiwan

GSGKT writes "About 1,800 brand new 300-GB or 500-GB external hard drives made for Maxtor in Thailand were found to have trojan horse malwares pre-installed (autorun.inf and ghost.pif). When the HD is in use, these forward information on the disk to two websites in Beijing, China: www.nice8.org or www.we168.org. The article implies that authorities believe the Chinese government is behind the trojans. A later article pins down the point of infection to a subcontractor company in China. A couple of months back the Register was reporting on pre-installed malware detected on Maxtor disks sold in the Netherlands. This earlier report was downplayed by a Seagate spokesman." The more recent Taipei Times article says that Seagate admits the problem on its Web site, but a search there turns up nothing.

Same

[renegadesx]

Lead in paint, malware in HD's same thing really

Re:Same

[Monsuco]

Lead in paint, malware in HD's same thing really

Except that pesky death part. Meh details.

Re:Same

[RuBLed]

I hate these scripts that utilizes autorun.inf. In my country they are so popular, everyone makes one, script kiddies! On the bright side, it could be easily removed most of the time.

The current (as of writing) Windows Secrets newsletter features an article that would let you at least prevent most kind of autorun.inf scripts from ever running in the first place. It would save me some trouble from all those college girls (errr.. I mean relatives) that gets infected by these sort of things all the time...

One quick trick

Re:Same

[Threni]

I'm pretty sure that I had a KillZilla virus on my brand new, boxed Sony 2gig flash memory device I bought in Bangkok (in a reputable shopping mall). The

Re:Same

[Just+Some+Guy]

Lead in paint, malware in HD's same thing really

I'm not prone to conspiracy theories, except in the fun "Illuminatus! Trilogy" way. Therefore, this is (mostly) "what-if" speculation:

China seems to be the lead dog in the running for taking over from the USA as a hyperpower. And now, coincidentally, there are a whole rash of protects being exported from China to America that - oh, my bad! - just happen to contain chemicals that make children stupid. I suppose there are worse ways to take over a country than to ruin its youngest generation. Sit back and watch as its future workforce and military gets the IQ of a cocker spaniel. Observe how school systems collapse as they try in vain to deal with a population-wide intelligence drop. Note how the crime rate reverses its previous decline. Watch an already-overworked economy try to finance solutions for all of the above.

So, is China too stupid to remember not to use lead paint on toys, or smart enough to make it look like an accident?

Nah, I probably don't believe all that. Still, I'll be lead-testing every single Christmas toy my kids get this year, and I'm dead serious about that.

Re:Same

Nah, I probably don't believe all that. Still, I'll be lead-testing every single Christmas toy my kids get this year, and I'm dead serious about that.

Using what, an off the shelf kit? They've already found that some of the Chinese factories are putting extra clear coatings over the led paint to hide it.. except that when your two year old gnaws that off they still get the full effect of a led-laden childhood.

Fuck it, if the Mexicans can keep product quality under control I vote we prioritize buying stuff from them. At least they're on the same damned continent.

Re:Same

[Just+Some+Guy]

Fuck it, if the Mexicans can keep product quality under control I vote we prioritize buying stuff from them. At least they're on the same damned continent.

I'm with you there. I don't think the same thing could happen here. "Hey, why is that big drum of paint labelled 'Hazard: Contains lead'? My nephew wants one of these for his birthday..." Sure, some people would go along, but I doubt you could get everyone in a factory to willingly use known-toxic chemicals on children's toys.

Re:Same

[jo42]

The first thing I do after installing XP (or the Pile Of Poop called Vista) is to disable autorun. This, in my opinion, is the most retarded 'feature' that Microsoft ever put into Windows.

First off...

[explosivejared]

Anyone who doesn't wipe a new drive first off is just begging for this sort of thing. Secondly, I guess it's a new competition for Chinese manufacturers to see what's the worst secret addition to a product sent overseas. Lead in toys, GHB in toys, phone-homes on HDD's... what's next killer bees in new TV's... really. Consumerism bites!!

Re:First off...

[corsec67]

In windows, wouldn't the HD be mounted before you can format it?

I know in most Linux distros a HD that isn't mentioned in fstab will not get mounted, but what about Windows?

I guess you have to boot from a LiveCD and format the disc to be sure.

Re:First off...

[ChrisMounce]

I believe that the Windows installation CD is bootable and has a format utility, so you wouldn't necessarily need a Linux CD (I'm assuming that's what you meant by "LiveCD"). If there was malware on the drive, I can't see any way it could get into the Windows installer program as long as you were booting off the CD.

Of course, if you wanted your PC to stay secure, then yes, you would need a Linux CD.</obligatoryjoke>

Re:First off...

[MrAndrews]

Exactly! The TFA has a definite agenda... in reality, this is a competitive move by Maxtor. You have to do extraordinary things to stand out in this global economy.

Re:First off...

I always disable autorun and auto insert notification in Windows because it annoys me when discs run their installers or ask to open a media player when I place them in the drive. If it doesn't autorun, you can connect the drive and format it without worry.

Re:First off...

[ChrisMounce]

Wait... Nevermind, I see you were talking about using the drive for external storage — for some reason I was thinking you were installing the drive into a new computer or something.

Re:First off...

[zsouthboy]

I can confirm windows tries to autorun any such file, if present, and if not, searches the disk for "content" (images, music, etc.) to present an autorun option to the user.

Re:First off...

Anyone who doesn't wipe a new drive first off is just begging for this sort of thing. Secondly, I guess it's a new competition for Chinese manufacturers to see what's the worst secret addition to a product sent overseas. Lead in toys, GHB in toys, phone-homes on HDD's... what's next killer bees in new TV's... really. Consumerism bites!!


Actually, it's Globalism that bites.

Turns out that outsourcing your entire manufacturing industry to a country that cares jack and shit about consumer safety and trade laws isn't really a great idea, eh?

Re:First off...

[uncoveror]

When I read that these drives were originally for government agencies, I suspected it might be Monkeypoo... VIRUS WARNING: Attention: Computer Labs Inc., makers of Virucide antivirus software have identified a highly dangerous new Trojan worm, MONKEYPOO. It will usually appear in an e-mail with the subject, "Congratulations.You have won!" it will then prompt you to click a link to collect your cash prize. It can also freely spread across networks. Monkeypoo will read your address book, and mail a copy of itself to every address it finds, and it will look like you sent it. It will then invoke the secret self-destruct command held over from the original IBM PC's 8086 command set. This short line of code will cause the processor, ram, hard drive and any floppy drives to spin out of control and overheat until key components melt together, and will most likely cause a fire. James Winklee, a former IBM programmer had this to say. "We developed the self-destruct code so government agencies such as the FBI and CIA could quickly and completely destroy compromised computer systems before an enemy could get their hands on classified information. When we saw how violently a PC executing the command burst into flames, we decided not to publish its existence. It has been kept a secret successfully until now. If you get infected with the Monkeypoo Trojan worm, you may notice your computer going completely haywire. Physically unplug it from power as fast as you can, and send it in for repair. Only a professional can remove this one." While Computer Labs Inc and other antivirus software makers are working on a solution, they haven't got one a home user could successfully run yet. "This is the worst kind of malicious code I have ever seen." said Marcus Polan of Computer labs Inc. Use extreme caution. It is important that as many computer users as possible receive this warning, so send it out to as many people as you can. The entire Internet and every PC connected to it is at risk.

Re:First off...

[ozmanjusri]

A default install of XP will autostart (i.e, autorun.inf) any external drive when it's plugged in. In theory, a program shouldn't run automatically without user intervention. You should get that menu offering to play music, copy files etc.

In practice, it's easy to get an app to run invisibly. If someone is trojaning OEM drives, Microsoft's choice of defaulting to the insecure autorun mode means a lot of people will be infected.

Re:First off...

>I'm not sure how Windows actually handles "mounting" behind the scenes

Simple. You install Windows, and feel as if you were being mounted by Ball-mer. With a chair.

Re:First off...

[dotgain]

Or in my case, it tries to assign a driver letter, fails because there's already a drive using that letter, and says:

24 Volumes ought to be enough for anybody. Bet you never thought you'd run out of drive letter, huh?

Re:First off...

[Datamonstar]

It could stay resident in memory.

Re:First off...

[colfer]

Overriding autorun can be done in the registry, so you don't have to remember to hold down the shift key. Does it work for USB hard drives? Probably. These are the notes I have.

Works for USB drives and CD-ROMS.
[2007/10, from:
http://www.mydigitallife.info/2006/09/11/disable-auto-run-and-auto-play-of-u3-smart-drives-launchpad/%5D

      1. Click Start -> Run.
      2. Type RegEdit in the Open text box, then press ENTER.
      3. In the Registry Editor, locate and click the following registry key:

            HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDRom
      4. Modify the value of the Autorun to 0 (zero) so that CD-ROMs and Audio CDs do not run and start automatically when inserted.
      5. Next navigate to the following registry subkey:

            HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
      6. Modify the value of the NoDriveTypeAutoRun entry to 0xb5 value to turn off the AutoRun feature for CD-ROMs by right-click NoDriveTypeAutoRun and then click Modify to type B5 in the Value data box. Select Hexadecimal, and then click OK.
      7. Quit Registry Editor.
      8. Restart your computer.

Re:First off...

[networkBoy]

Internal, external, whatever. Irrespective of the application I format any drive before use, additionally I would be spooked by an already formatted drive (don't they ship blank?)
-nB

Re:First off...

[networkBoy]

Um... I've always found it more convenient to mount drives as a subdir in windows, doubly so if you have tons of drives.
-nB

Re:First off...

[Doctor+Memory]

I would be spooked by an already formatted drive (don't they ship blank?) According to my Solaris box, yes, they do. At least, I've never been able to just install a new drive and do anything with it before I partitioned it and laid down a file system.

Re:First off...

[mikael]

I've partitioned and formatted my own external USB drives on both Windows and Linux. In both cases, there are GUI based applications to assist you.
You first perform an integrity check (optional), set up your partitions (decide how many, what type and how big each partition is going to be). This would be (FAT16, FAT32, NTFS) for Windows, and whole many others for Linux (EXT3, SWAP, etc...)

Re:First off...

[Z80xxc!]

It depends if the drive has ever been formatted before. In this case, the drive has most likely been formatted or else there wouldn't be files on the drive. However, if the drive is not pre-formatted, it can't be mounted until you format it.

Yes, a Linux live CD or a BartPE CD would probably be in order, but most people (slashdot readers do not count) wouldn't even know what those are, let alone think to use one to format their new HD, or for that matter be capable of doing so even if they wanted to. It's just too big of a hassle for ordinary folk.

Re:First off...

[iminplaya]

That could be a violation.

Re:First off...

[Lost+Engineer]

Drives intended as extra space often do ship pre-formatted with FAT-something to save you the trouble. Formatting seems like a good idea.

Re:First off...

[timeOday]

Sssh! The shift key is a copy-protection circumvention measure of questionable legality!

Re:First off...

"This scenario seems unlikely because the 3200 does not have any software preloaded on the drive so there is not an opportunity for a virus to be loaded," he said. Yes the drive is formatted but I have never heard of a virus that lives in the master boot record."

He works for a hard drive manufacturer and has never heard of a MBR virus? How the hell did he get his job?

Re:First off...

Why do you sign your posts?! Your username is already there, above your text! GAWD! Narcissistic, YOU ARE.

Re:First off...

[Kadin2048]

Internal, external, whatever. Irrespective of the application I format any drive before use, additionally I would be spooked by an already formatted drive (don't they ship blank?)
-nB Most internal and OEM/whitebox drives ship blank, but some externals are pre-formatted, and are even sold with software on the drive as a "value added." Maxtor, for instance, puts some Windows backup stuff on there. I think most of the other drive manufacturers do similar stuff. The software from Maxtor/Seagate/WD is probably pretty benign, but once you teach users that it's safe to accept software from 'strangers,' suddenly that el-cheapo external HD that came with some free software on it doesn't seem the least bit odd...

It wouldn't surprise me if there are manufacturers out there producing hdds that have separate partitions on them for the bundled software that are very hard to delete if you don't know what you're doing (similar to what those Windows-only USB sticks do).

Re:First off...

[weicco]

Heh. That was funny. But still, it was little inaccurate. Finnish lower court has decided that holding down a shift is not a measure that circumvents effective copy protection mechanism (meaning that any copy protection that counts on autorun isn't effective) so that is totally legal thing to do :)

Re:First off...

[SleepyHappyDoc]

One of these days, some troll is going to post up something like this, technical enough to get +5, but flawed enough to hose people.

Re:First off...

[ozmanjusri]

Already been done.

Re:First off...

Next they will crash their ships into our bridges and dump oil into our bays - oops, too late.

http://news.yahoo.com/s/ap/20071112/ap_on_re_us/bay_spill

Re:First off...

[tokul]

Anyone who doesn't wipe a new drive first off is just begging for this sort of thing.

you have to connect drive to your pc and load some OS in order to wipe it. Some OSes with very big market share don't provide any controls that can disable execution of autorun.inf without breaking some non autorun.inf related functions.

Re:First off...

[Calinous]

FAT32 and NTFS partitions are automagically mounted in Windows 2000 and XP if the hard drive was recognized. Windows 2003 requests you to go to Disk Management and "activate" the disk.
      I know I have my autorun.inf disabled on the CD-ROM (did this long time ago). However, I think it might remain enabled on new drives, so one of those hard drives (which you can't fdisk/format in Windows unless the operating system is already running) would bite me.

Re:First off...

[zaivala]

[quote}I'm not sure how Windows actually handles "mounting" behind the scenes, but to the user, a new drive typically just shows up automatically as a drive letter (like F:\) both in the GUI and the command prompt. Then when you try to access the drive, you'll get a dialog box saying the drive isn't formatted and asking if you'd like to format it.

In the case of preformatted external drives (which this one is supposed to be), however, not only will the drive immediately become available for access as soon as it's connected, Windows may also try to autorun any programs listed in the drive's autorun.inf.{/quote]

Um, Windows only shows drives IF they are Windows format (FAT or NTFS)...

Re:First off...

[weber]

You gotta love the Finnish courts: breaking CSS okay

Re:First off...

[johannesg]

Is there some way to stop Windows from creating "system restore" information on my external harddisks? Sure, I can turn it off manually, but the next time I attach the disk it will happily create it again.

Re:First off...

[RpiMatty]

There is also the Tweak UI power toy (from MS themselves)
http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx

I use that to disable autorun for all drives, and disable all autoplay handlers.

Re:First off...

A lot easier to get PowerToys for Windows TweakUI and then just uncheck the drives in question under the "Enable Autorun" category. More or less the same thing, but with less risk of a screw-up.

Re:First off...

[Rick17JJ]

I wonder about possibly booting a computer from a GParted-LiveCD and reformatting it with the GParted partitioning program on the live CD instead instead of doing it from under Windows. That might be safer. I am not sure if the Linux live CD let a trojan on the hard drive autorun or not (probably not). It is a free live CD which runs Linux and contains GParted which is an easy to use partitioning program. Afterwards, the self-booting CD could be removed and Windows booted instead.

I am not an expert or a technician, but it is something that I have occasionally used on my two computers at home when repartitioning, replacing or adding a second hard drive. They were both Linux computers however, so haven't actually tried it on my only Windows computer.

GParted-LiveCD
Screenshots of GParted-LiveCD

Re:First off...

[Rick17JJ]

I had not noticed that they were talking about portable external hard drives. But, what I said might still work. I have an external USB enclosure, in which, I had installed one of my old leftover IDE hard drives, that I had laying around. I already had Linux on that computer and the GParted partitioning program installed on it. I was able to use GParted to delete the old partition in the external hard drive and create a new one of the type that I wanted. I suppose the GParted-LiveCD could probably have handled that or other external hard drives too, although I am not totally sure.

Re:First off...

[lpw]

Windows (and DOS) show drive letters for partitions that are flagged as windows filesystems (FAT-something, NTFS) in the partition tables of all drives. An integer id is used to identify the partition type, but it does not necessarily mean that the drive is formatted (filesystem data structures may not have yet been created). Thus, Windows may "see" the drive and make it accessible via a drive letter, but still ask you to format it.

Re:First off...

[networkBoy]

Actually I like:
c:\usr\media
c:\usr\source
c:\usr\<whatever>

To each their own I suppose.
-nB

Re:First off...

[Hoi+Polloi]

Wait until China starts exporting hot dogs. *shudder*

Re:First off...

[fatphil]

There have been more "consumer" oriented linux distributions which will auto-mount and auto-play removable media. I forget which ones, but at least one was quite a big name one (Knoppix or Ubuntu, don't know exactly which version, but it was fairly current a year ago, IIRC). I remember doing some googling and seeing that most people running (as in behind) that distribution had no intention of changing that behaviour.

Re:First off...

[Reziac]

Except that holding down SHIFT doesn't always work. Don't know why, it just doesn't.

Never thought of autorun in connection with a newly-installed HD before, tho!!

Re:First off...

[fickles]

Imagine being Lenovo and trying to sell to the US Gov - or a Gov anywhere or an organization for that matter and trying to convince them that the devices could not phone home...

Re:First off...

I recently bought a Maxtor external 120GB USB powered HD. I first connected it to a Linux box, to confirm that it would work in Linux. Linux mounted it fine. It was preformatted NTFS, which was OK with me, as I intended to use it with Windows 2000 computers. I could see a number of directories and files were already on it, but didn't try to do anything to them. When I connected it to a Windows 2000 box, the install program wanted to run and I found that I couldn't use it until I installed the included "backup" software. I wish I'd known about holding the "shift" key down to disable autorun.

It's a bargain!

[techmuse]

Most PCs ship without professionally produced malware installed. While everyone might *wish* that their PC came with such software, only a small percentage of customers are actually lucky enough to get their malware free of charge. Mac users, don't feel bad that your system won't come with it. You get iLife. :-)

Re:It's a bargain!

What do you call AOL then? Most PC's seem to come with that these days.

Re:It's a bargain!

[KPU]

Dell's worldwide market share may be 13% but that alone is more than "a small percentage of customers" who receive malware free of charge with a new PC.

Re:It's a bargain!

[Gygash]

He did say professionally produced malware.

Re:It's a bargain!

[mrbluze]

Mac users, don't feel bad that your system won't come with it. You get iLife. :-) At least the malware is not as easy to find and wasn't put there by the Chinese government.

Re:It's a bargain!

Most PCs ship without professionally produced malware installed.

Not true! The last Dell I worked on had a special service from Dell: it randomly popped up ads from Dell to try and sell you more Dell stuff. The Dell printer driver was configured to monitor the ink supply and pop up ads to sell more ink cartridges when they went below a certain point. I personally consider this "malware".

How dare you suggest that the Chinese/Koreans are ahead of the US in this regard?

go go gadget china!

it's the most corrupt mainstream country in the world right now, so what do you expect?

Re:go go gadget china!

[NeverVotedBush]

And China still openly considers the USA to be an enemy. Why manufacturers subject themselves to these liabilities I'll never... Oh wait - they make more money even if they kill children with GHB overdoses, cripple their brains with lead, or export National secrets and financial data to China.

What the hell was I thinking? American businesses that outsource to China are no better than spies and traitors themselves. For all the damage they do, they might as well be.

Re:go go gadget china!

[dbIII]

And China still openly considers the USA to be an enemy.

They are financing the war dude. It may be a bad idea to borrow a lot of money from China to pay for a war in Iraq but if they considered the USA the enemy or vice versa that just would not be happening. A bunch of old Cold War loonies want to revive the "good old days" of the Cold War and cast China as the enemy but they are becoming less relevant daily. A complete economic crash may give them more power due to the temptation to default on loans from China but hopefully they will never get the chance.

Re:go go gadget china!

[cbacba]

actually, the gov. plan is to subvert china into a capitalist state - assuming that the mentality of the majority of chinese is the same westernized version that existed in american pioneers two and three hundred years ago. Unfortunately, it's not even that common in the US now. It would also seem that china's plan is to subvert the US into socialism. It appears a multipronged approach including sabotaged products and funding antiamerican prosocialist political candidates. Anyone notice any chinese army related campaign funding flaps in the US presidential race yet, er, other than lots of independently wealthy kitchen staff in some chinese restaurants?

It's times like this...

[fractoid]

...that I'm really glad I switched to Linux. :)

Re:It's times like this...

[Brian+Gordon]

I just disabled Windows autorun and I'm equally safe.. *shrug*

Re:It's times like this...

[NeverVotedBush]

Sure you are. Keep telling yourself that...

Re:It's times like this...

[JackieBrown]

I'm sure most window users do this as well....

Re:It's times like this...

[ozmanjusri]

I'm equally safe

Only if you disabled NTLDR as well....

Re:It's times like this...

[ArcherB]

I just disabled Windows autorun and I'm equally safe.. *shrug*

I think the GP is implying that he doesn't have worry about things LIKE this.

An example I have would be a buddy of mine at work. He's a technician also, but not really a "geek". Anyway, he got a message from Time Warner the other day saying he was kicked off his cable Internet for sending out spam. Evidently, his desktop machine got infected. He said, "I don't get it. How did it get infected? I never use it. I always use my notebook. It's behind a firewall. It updates automatically. I just use it for remote access." Obviously, he runs a Windows product. I explained how my Linux box has been on the DMZ for years and I've never had a problem. (none of these are "production" machines, btw.)

Anyway, that is what the GP was talking about. When you run an obscure OS, you are secure through obscurity. That and Linux is pretty damn secure on its own.

Re:It's times like this...

Watch out for the false sence of security. I know OSS can also do things without asking the user first.

Just one example here: a few years ago my FreeBSD/KDE was automounting and executing autorun.inf from a Deus Ex game cdrom I left in a drive. It did not get far since it could not execute setup.exe and gave me a few error dialogs (could not find blah, could not run blah, could not complete blah blah), but it was trying to autorun my CD nonetheless. Had it been an actual virus, and had I properly set up wine, I would get infected (at least with that release of KDE).

Re:It's times like this...

I just disabled Windows autorun and I'm equally safe.. *shrug*

Not even close. *shrug*

Re:It's times like this...

Yeah, but by the time you disable everything in Windows that makes it vulnerable, you end up with the C:\ prompt

Re:It's times like this...

[iminplaya]

I unplugged my computer, so I'm doubly safe. How am I posting this? From my other computer.

Re:It's times like this...

[turing_m]

How convenient! All you have to do to not have a compromised system is to read slashdot every day to chance upon relevant updates, google around for fixes, and follow instructions to use the user-friendly regedit program. Sure, grandma might have a little trouble with it, but windows has got to be ready for the desktop any year now.

Re:It's times like this...

[Nefarious+Wheel]

Yes, well I kept disabling things until the bad guys couldn't find NTOSKRNL any more. Now I feel really safe!

Re:It's times like this...

[fractoid]

I think the GP is implying that he doesn't have worry about things LIKE this. That's kinda what I was getting at. Not just that I don't have to fear malware on my new hard drives (since when do they come preformatted anyway? I always have to format mine...) but I can do things like click on links on the web without thinking "oh, I wonder if it's going to try and corrupt my system", knowing that even if it was, the chances are it'd be able to compromise a Firefox+Ubuntu are slim indeed. I know that this is mostly due to the fact that even as popular a Linux-based OS as Ubuntu is a tiny blip on the effort/reward radar for malware authors, but that isn't going to stop me being smug about it. :)

Re:It's times like this...

[Rick17JJ]

I recently installed a new Maxtor hard drive in my computer at home, although I don't think it was one of the ones that they were talking about. They mentioned both Maxtor and Seagate.

Lets see, what did I do? I installed the hard drive, then I inserted the Linux installation CD and chose the option to manualy repartition. I deleted the partition that came with the hard drive and replaced it with several primary and Logical Linux EXT3 partitions and a Linux swap partition. When installing Linux, I let it install the first stage of the GRUB boot loader in the Master Boot Record (MBR) of the hard drive. Then, I copied many gigabytes of stuff from my old hard drive onto the new one. I doubt that their trojan horse virus would have survived all that repartitioning and overwriting of the MBR. Most likely the Windows virus would not have able to run under Linux anyway?

One of the articles mentioned two specific URLs that were being used to send data back to China. Just now, just to be safe, I added two lines two my hosts file which say to send any information for those two URLs to the 127.0.0.1 loopback address of my computer (instead of to China). That should work on either a Linux or Windows hosts file.

There is probably nothing to worry about on my Linux computer, but, what concerns me more is the possibility of China or someone inserting a trojan into the electronics or firmware of the hard drive instead. How would I ever know if something like that was there?

Re:It's times like this...

"equally safe!?"...BWAHAHAHAHA...little do you know what else lurks in the depths of Windoze machines ;-)

I have the ultimately safe computer. I wiped windoze from the machine completely! :-)

Re:It's times like this...

[Rick17JJ]

Ooops, I had not noticed that they were talking about portable external hard drives. Well, I do also have a external USB hard drive too. It is one where I had to insert an old IDE hard drive, that I had laying around, into the external USB controlled enclosure. Afterwards, while running Linux, I used the GParted partitioning program to delete the old partition and replace it with a Linux EXT3 partition.

Re:It's times like this...

[HiThere]

You are very fortunate that the people who put together Ubuntu gave more thought to it than you have.
And doubly fortunate that the people who put together the Debian version that your version of Ubuntu gave it even more thought.
And triply fortunate that...

I think it goes on for about eight levels. Possibly more. There ARE tradeoffs between ease of use and security. I'm not sure that opting for sudo was the correct choice for Ubuntu to make...but I'm not sure that it wasn't. To me it feels less secure, but that may be an illusion. Linux finally decided that automount was worth the risk, and that's usually correct. But that was considered for most of a decade (how seriously I don't know).

I understand, however, that MSWind has finally started to give security a bit of thought. Originally MSWind was reported as having as little security as possible. They actively removed it. (My understanding was that this was an effort to speed up the system.) They didn't even start giving lip-service to implementing security in MSWind until NT...and there wasn't noticable security in the customer line until XT(XP?), by which time I'd stopped using it for years. People tell me that currently MSWind has decent security. I don't know whether they are correct or not, as I've stopped using it. My inclination is to scoff, but this isn't based on any evidence, and may be incorrect. If it is secure, I doubt that it's because the customers want it...MS probably has some ulterior motive. (They've rarely done things to benefit the end user, though sometimes the end-user has benefited from things that they've done for other reasons [in which I include "to keep their market share from eroding"]).

Re:It's times like this...

[Brian+Gordon]

Well that's a new one.. saying Windows isn't ready for the desktop. And linux is?

Re:It's times like this...

[turing_m]

"saying Windows isn't ready for the desktop. And linux is?"

It is for my desktop. Windows free for approximately 4 months now. The closest I get is WINE and rdesktop.

One of the most compelling reasons for switching was malware (there are lots of other reasons, many idealistic, but what pushed me was malware). And basically, an install of Ubuntu is easier than a complete reinstall of Windows. It also stays fixed, which windows won't without a radical rewrite. There is no good reason why a complete reinstall of a system should be necessary every 6 months or so, or the purchase of a new computer in the case where there is no free tech support available.

In an era of malware, Windows is broken.

Thank goodness for Chinese manufacturing

[JewGold]

I mean, so what if there's a trojan that steals my identity and turns my computer into a botnet node? So what the materials it's comprised of let off poisons that will kill me and my whole family? I saved $6 on this baby!

Re:Thank goodness for Chinese manufacturing

[sqrt(2)]

I stopped buying things made in China. It is possible. I've found that most things you could want to buy have an alternative made here in America, except maybe electronics and you can usually get ones made in Japan. I've been saying this to people for a long time, longer than the last six months when we've been hearing all these stories about poisoned Chinese products. Check the labels, shop around if you can. There are alternatives out there.

Re:Thank goodness for Chinese manufacturing

[Brian+Gordon]

Not after shipping from China!

Re:Thank goodness for Chinese manufacturing

[Opportunist]

It's possible, but how many can? Let's face it, Chinese crap is cheap crap. And with many people just barely making enough money to live on, they can't be choosy. They have to buy what their budget dictates.

Re:Thank goodness for Chinese manufacturing

[JewGold]

Maybe part of the reason that people don't have enough to live on is that all the manufacturing jobs, which used to be the cornerstone of the American economy and middle class, are now in China.

I don't know how much faith I have in this "new economy," which seems to be based on people selling overpriced houses to each other and getting further and further in debt.

Re:Thank goodness for Chinese manufacturing

[Paradise+Pete]

I stopped buying things made in China. It is possible.

It's getting damn difficult. Stuff you'd never imagine. Check out a bottle of apple juice, for instance.

Re:Thank goodness for Chinese manufacturing

[sqrt(2)]

That's what I thought at first, but it's not always the case for everything. For example, little things like toothbrushes--cheap plastic stuff you'd expect to come from China--I found a brand made in America and they're .50$ each. And this is at WAL MART of all places! If you're willing to look around, I am certain you can find a domestic alternative to nearly everything WITHOUT paying substantially more, and the quality is usually much better. You know as well that the money you spend is going back to working Americans and not contributing to our trade defecit. People just aren't willing to try. I think laziness and apathy has far more to do with it than price.

Re:Thank goodness for Chinese manufacturing

[ynososiduts]

A lot of the cheaper stuff is actually made in the USA. It blew my mind when I first saw it too. Hey, if the dollar keeps falling America is going to look like a good place to manufacture goods :).

Re:Thank goodness for Chinese manufacturing

[Opportunist]

1:1.46 to the Euro now. It's getting really scary, if my former boss at the bank is right, at 1.50 we'll see global economy start to shake. At 1.70 we'll be partying like it's 1929.

Re:Thank goodness for Chinese manufacturing

[Jedi+Alec]

*waves hand*

There is no crisis. These are not the dollar devaluations you are looking for.

*stops waving hand*

On a sidenote, for us europeans who have their websites and irc servers with US hosts things are getting better and better every day :-)

Re:Thank goodness for Chinese manufacturing

[nametaken]

As opposed to... what, buying a US made HDD? Where does one acquire those? You can't buy your way out of Chinese manufacturing nowadays.

Re:Thank goodness for Chinese manufacturing

[smannell]

Are you kidding? I recently bought a baseball for my nephew, and every single one of them in the sporting goods store was made in China. I do my best to avoid products from China, but when you can't even buy a baseball that's made here in the states I'd say the battle is already lost. Obviously I didn't NEED a baseball to survive, but if you refuse to buy anything from China you won't be doing much shopping this Christmas. Of course not buying crap you don't need is usually a good thing, but that's another subject.

Can't trust hardware anymore?

[compumike]

While the open source movement has done a great deal toward making software understandable, at some point, people have to trust their computers. However, this used to be a great deal easier, because engineers had a good idea of what could be done with a particular amount of circuitry.

The increasing level of integration means that hardware is more and more of a black box. While this has led to huge savings in cost and performance boosts, we've paid for it by being unable to debug the hardware, and unsure of what's really going on inside.

While the case in the article talks specifically about a trojan horse installed normally on the drive -- and thus something that should have been remedied by a good formatting job -- who knows what could happen once we have vulnerabilities embedded directly into the hardware. One could certainly imagine a trojan that was hard-coded in the firmward and kept moving itself around the disc after attempts to delete it.

It's also seems fishy that much sensitive information (of relevance to a foreign government) could be obtained from randomly putting trojans on hard drives... Isn't it possible that this was an unintentional infection from some disk-handling or testing machine along the line?

--
Educational microcontroller kits for the digital generation.

Re:Can't trust hardware anymore?

[killmofasta]

>"people have to trust their computers."

NEVER. I have been using computers since 1970. This book:

http://www.amazon.com/Satan-Psychotherapy-Unfortunate-Kassler-J-S-P-S/dp/059514506X

Will prove to you, beyound any shadow of doubt, that computers are the essence of all evil.
If you trust your computer, then give your teenager the keys to your car, and your bankcard and tell me how much you'd trust them. 'Trusted-computing' is a self contractictory phrase, like Airline Food, and Military Intelligence.

Re:Can't trust hardware anymore?

You are an idiot.

Re:Can't trust hardware anymore?

[M.+Baranczak]

It's also seems fishy that much sensitive information (of relevance to a foreign government) could be obtained from randomly putting trojans on hard drives... Isn't it possible that this was an unintentional infection from some disk-handling or testing machine along the line? How do you know it was random? Let's say they have a specific target in mind, and they know what sort of hard drives the target uses, and which supplier he gets them from. They infect a whole container load of disks which is bound for that supplier. Whoops, they overdid it - now some unrelated hacker wound up with one of those things, noticed the shenanigans and published them on the net.

Although the second scenario (the boring one) is a lot more likely.

Re:Can't trust hardware anymore?

[glavenoid]

Oh my fucking god. Is this the book where someone creates an electronic brain that turns out to be the devil? If so I've been very actively trying to remember the title for about 10 years. I only got a chance to read the first bit before it was taken away from me, and have always wanted to finish it, but just couldn't for the life of me remember what it's called.

It this is it, then you sir have made me a very happy man...

Re:Can't trust hardware anymore?

You are an Anonymous Coward.

Re:Can't trust hardware anymore?

[pat+mcguire]

This is better than the former situation, whose most obvious manifestation were those Windows-only modems in the 90s. No matter what precautions you take, you're ultimately giving whatever the hardware is total power if you don't have the source, whether the brains are in the main CPU and therefore it comes in the form of malicious drivers, or whether it has onboard computing capability turned against you.

The difference is that the hardware does not have quite so arbitrary of code execution privileges as it's drivers, as it can only access the computer in the ways explicitly granted by your hopefully open-source driver, which if it's well written to give only the absolute necessary privileges will at least mean you have a higher chance of logging odd behavior in some file, somewhere - it's not much better, but if your system is compromised by your hardware, there's still at least a chance of some part of your system maintaining independence and being able to mount a defense. If the driver is still closed, it's still a wash at worst - you only need to root a computer once, and anyone with malicious intent is going to use the better attack vector.

Re:Can't trust hardware anymore?

[JewGold]

>One could certainly imagine a trojan that was hard-coded in the firmward and kept moving
>itself around the disc after attempts to delete it.

If it did that, the user would at least see a trojan that keeps moving and know there's a problem. Imagine rootkit code in the firmware that is completely invisible, except when it detects the Windows (or insert favorite OS here) kernel being loaded within x seconds of power-on, it "slipstreams" itself into the binary as it's being read. The rootkit could snoop your data and do any number of horrible things without you ever knowing it's there. If you used a rootkit scanner to scan your kernel file, it would come up clean. Even taking the platters out of the drive and reading them externally would show a clean drive.

Who says this isn't already out in the wild? It was only sloppiness that caused it to be caught this time.

Re:Can't trust hardware anymore?

[Belial6]

I don't know if it is or is not, but I believe there was a movie called 'Demon Seed' with that plot similar to that, so that might be an avenue to find your book.

Re:Can't trust hardware anymore?

as well a microsoft works

Re:Can't trust hardware anymore?

[Asic+Eng]

It's also seems fishy that much sensitive information (of relevance to a foreign government) could be obtained from randomly putting trojans on hard drives... Isn't it possible that this was an unintentional infection from some disk-handling or testing machine along the line?

It's kinda hard to tell - presidential elections are on in Taiwan, and it's a highly charged contest between the former dictatorial KMT (the Chinese national party) and the freedom-fighter pro-independence DPP. It's not unheard of for each side to make wild accussations, and of course a plot by China (which keeps threatening Taiwan, and which they are still at war with) would motivate DPP voters. Then again, it's quite possible that China would pull something like that - it wouldn't be the first time.

Re:Can't trust hardware anymore?

[rworne]

"The Demon Seed" actually contains the first use of Teledildonics - in the 1970's - by an A.I.!

Talk about visionary!

Not a trojan

[techmuse]

By the way, it isn't a trojan. A trojan is software that convinces the user to install it by looking like something else that the user might want to install. While this may certainly qualify as malware, it isn't a trojan.

Re:Not a trojan

[Megane]

A trojan is software that convinces the user to install it by looking like something else that the user might want to install.

Something else like a... hard disk?

Re:Not a trojan

[malvidin]

Although I agree with your definition of a trojan, I have to say that this is a trojan as well.

If someone puts malware in a device I would willingly put in my computer without me employing security measures, I would consider that more true to the original source of the term.

Re:Not a trojan

[Waffle+Iron]

Computer <-> Troy

SATA connector <-> City gate

Disk drive <-> Big wooden horse

Autorun file <-> Greek soldiers

Re:Not a trojan

[Jeff+DeMaagd]

>>A trojan is software that convinces the user to install it by looking like something else that the user might want to install.

>Something else like a... hard disk?

A hard disk is mostly... hardware. There's a little software in it, even in a good, uninfected unit, but that's called firmware. One doesn't buy a hard disk for that firmware.

Re:Not a trojan

[Hao+Wu]

A trojan is software that convinces the user to install it by looking like something else that the user might want to install.

What you are basicly saying is that all trojans look alike. As a person of Asian ancestory, I am some what offended by your insensitivity.

Re:Not a trojan

Yes its shocking isn't it. Why I said just the same thing to my natural redhead Korean friend the other day, and him and his natural blonde Chinese gf totally agreed.

Re:Not a trojan

The above is moded way too high, especially considering that he is wrong. It is a trojan, the user buys what he thinks is a perfectly safe hard drive, but ends up with extra malware

Re:Not a trojan

[Kenji+DRE]

What if i have access to someone's hard disk and install a trojan on it, by your definition it wouldn't be called a trojan, would it?

Re:Not a trojan

[LuxMaker]

Could the 'convincing the user' part be the hard drive's suspiciously low price?

Re:Not a trojan

[joshuaobrien]

Let's see, little nasties that slip past your defences by hiding in a container thought to be empty. Yep, nothing Trojan about that.

Re:Not a trojan

[tftp]

A hard disk is mostly... hardware. There's a little software in it, even in a good, uninfected unit

Two cases here. First, you got an external USB HDD. It often contains lots of software. I have a Seagate USB/FireWire HDD, it comes with FreeAgent backup and configuration software. I bought the software with the HDD unit, they are one set. I would be an idiot if I format the HDD first.

Another case is when you get an internal HDD that is supposed to be unformatted. But you don't know if it is or isn't - not before you install it into your Windows box and power it up. If the HDD is blank, as it should be, then you need to format it, and all is well. However if it is already formatted for you and contains something, Windows has no way of knowing why it is so, and it will treat it as any other removable drive - namely, will read the autorun.inf and proceed running all the viruses in the world that the drive may contain, all that before you even realize that something is wrong.

In either case, if your antivirus finished loading by this time it may save you, if it is good enough. But I recall some recent review that claimed that a typical antivirus fails to catch as many as half of the viruses.

Re:Not a trojan

[fermion]

Since you bring it up, and I am feeling pedantic, this is exactly a trojan is. A trojan, as in The Trojan Horse, is an object that a defending entity voluntarily brings behind the defenses and then allows to act as a free agent, due to the fact that by convention the object poses no threat. In the original story, the Trojans brought a the gift horse into the city walls after what they believed was the end of a long war. If the Greeks had been honest, the horse would have been no threat horse was a threat as the Greeks would have left as statement of good riddance. Unfortunately for the Trojans the Greeks were not honest, and the horse was in fact a trick. Through the trickery, the Greeks were able to break otherwise impenetrable defenses, and massacre the trojans.

Therefore, in the strictest sense, the HD is a trojan. No one believes, unlike an email, that the HD is dangerous. There are no defenses set up to guard against it. If someone were to put a truly dangerous trojan on a HD, like a password sniffer, the majority of us would be none the wiser.

To quote from The Tick, episode 0113, read a book

Re:Not a trojan

[Eli+Gottlieb]

Since when was Troy in Asia?

Re:Not a trojan

[kegon]

Wow, this is like the least insightful post I have ever seen. It is well known and de facto usage that a "trojan" refers to software. Obligatory link to wikipedia that states it is software.

Re:Not a trojan

[badfish99]

Since its foundation circa 3000BC, in what is now Turkey.

Re:Not a trojan

An internal hard drive is not removable so Windows won't read the autorun.inf on it, it's just the external drives you have to worry about.

Re:Not a trojan

First, you got an external USB HDD. It often contains lots of software. I have a Seagate USB/FireWire HDD, it comes with FreeAgent backup and configuration software. I bought the software with the HDD unit, they are one set. I would be an idiot if I format the HDD first.

Whatever happened to including cds of software? There's no way in hell I'd ever make a software purchase that came with my harddrive and didn't also come with cds. If it's an external drive, I don't want anything there at all, if I'm buying a computer, I understand there'd be pre-installed stuff...and THE CDS to reinstall what I want.

How would that even work

[Paul+Carver]

Do they have some mechanism for surviving the intial format or is this a complete hoax? Even assuming the drive is installed in a Windows computer, isn't the first step always to format the drive? I've added lots of drives to Windows machines and it never occured to me to try to access them without formatting them. Do these come preformatted?

As to the reference about these drives being used for government databases, certainly they would be reformatted when added to a RAID, wouldn't they? Even if preformatted for non-RAID use I don't suppose it would be possible to use them in a RAID without formatting first and what database would ever be on a non-RAID device?

Re:How would that even work

[myc]

not for external USB drives that are already pre-formatted with a FAT32 filesystem. Plug it in and go! your box is pwn3d.

Re:How would that even work

[shaka]

They're external drives. They almost always come preformatted (FAT32), usually with some (autorun) software installed.

Re:How would that even work

[FutureDomain]

Do they have some mechanism for surviving the intial format or is this a complete hoax? Even assuming the drive is installed in a Windows computer, isn't the first step always to format the drive? I've added lots of drives to Windows machines and it never occurred to me to try to access them without formatting them. Do these come preformatted?

These are preformatted portable hard drives, like the kind you use for backing up your computer. The dangerous part is that the trojan is set to autorun, which can infect your computer by just hooking up the drive. You don't need to click on anything.

~~FutureDomain~~

Re:How would that even work

[petermgreen]

I've added lots of drives to Windows machines and it never occured to me to try to access them without formatting them. Do these come preformatted?
In my experiance bare drives don't but drives ready mounted up in USB caddies do.

Sure you could reformat it to remove stuff but by the time you get to the format screen you are probablly already infected.

Re:How would that even work

Perhaps it is a rouse. This may be a case of counter-espionage where a stupid ineffective spying attempt intended to draw attention to itself is made to cover up for something more stealthy.

Re:How would that even work

[Megane]

Do they have some mechanism for surviving the intial format or is this a complete hoax?

What "initial format"? If you buy this drive and install it, preformatted with the trojan, Windows will see it as already formated and mount it, then autorun the malware. Moments later, the human who doesn't notice it's already formatted goes slowly (to a computer) to the disk format utility. By the time the format begins, the damage has already been done.

I will admit that I have noticed that sometimes brand new drives are already formatted, but then I immediately reformat them as HFS+ volumes. Next time that happens, I'll take a moment to see if there might be any invisible files.

Re:How would that even work

[ILuvRamen]

not if you're smart enough to hold shift when you plug it in. I believe that's still the XP "don't run autorun anything" trigger. It's really that simple, people. Btw I wrote my own autorun file for my USB drive with the assitance of a freeware program for that and the line of set the icon for the drive always worked on every PC and the very next line about running an .exe file on the drive never, ever ran on any machine. And yet there's the U3 crap so how exactly does this work if there's obviously some protection or something about autoruns running .exe files.

Re:How would that even work

[totally+bogus+dude]

Autorun can definitely run exe's, that's its main purpose. That's how the installer automatically starts up when you insert a game or application CD. It's possible that the exe needs to be signed or something, but it's more likely that whatever program you were using simply "did it wrong".

Don't forget that you can also disable autorun permanently, rather than having to remember to hold shift every time you insert a disc.

Re:How would that even work

[CastrTroy]

Wrong, the trojan is not set to autorun, the computer is set to autorun. The trojan just contains files that means it will be autorun if the computer is set to do so. There's a difference here. I don't know how anybody ever thought that having computers automatically run executable programs without any user intervention was a good thing, but personally, I can't see how computers are still configured by default to run any drive you hook up to them.

Re:How would that even work

[Chris+Pimlott]

There's more to it in this case. Windows does not autorun executables for USB drives, presumably as a security measure. The way that U3-enabled flash drives get around it is by having a special controller and a read-only area that presents itself to Windows as a CD-ROM drive, for which the OS allows autorun. So in case you were ever wondering, yes, there is a difference between U3 flash drives and normal ones, it's not just branding.

Re:How would that even work

[QuantumG]

Yeah, you're wrong. Do this..

1. insert a usb drive, let's say it is mounted to I:
2. edit I:\autorun.inf with a text editor (for example, notepad) and put:

[autorun]
open=calc.exe
action=Run Calculator

3. copy c:\windows\system32\calc.exe to I:
4. remove the usb drive
5. reinsert the usb drive

Windows will pop up a dialog that says:

Windows can perform the same action each time you insert a disk or connect a device with this kind of file:

Program

What do you want Windows to do?

Run Calculator
using the program on the device

Open folder to view files
using Windows Explorer

Take no action

[] Always do the selected action You can make the action say "Open folder to view files" and you can even make the icon look similar, but Windows will always say that helpful "using the program on the device" and it will never run the exe automatically. So you might be able to trick some people into running your program instead of running Windows Explorer but they would have to be not paying a whole lot of attention.. fair enough, that's not all that uncommon, but I think Microsoft have put some effort into making this both safe as well as useful, so don't come down on them quite so fast.

Re:How would that even work

[Chris+Pimlott]

I found a short bit about USB autorun on Microsoft's site:

Q: What must I do to trigger Autorun on my USB storage device?
The Autorun capabilities are restricted to CD-ROM drives and fixed disk drives. If you need to make a USB storage device perform Autorun, the device must not be marked as a removable media device and the device must contain an Autorun.inf file and a startup application.

The removable media device setting is a flag contained within the SCSI Inquiry Data response to the SCSI Inquiry command. Bit 7 of byte 1 (indexed from 0) is the Removable Media Bit (RMB). A RMB set to zero indicates that the device is not a removable media device. A RMB of one indicates that the device is a removable media device. Drivers obtain this information by using the StorageDeviceProperty request.

Re:How would that even work

[dotgain]

...because heaven knows I just wouldn't be getting value for money if all I got was an empty disk.

Nosirree. Every disk should come with its own file management utilities - that's how I can tell them apart!

Re:How would that even work

[Doctor+Memory]

As to the reference about these drives being used for government databases, certainly they would be reformatted when added to a RAID, wouldn't they? Even if preformatted for non-RAID use I don't suppose it would be possible to use them in a RAID without formatting first and what database would ever be on a non-RAID device? Heh, I'm sure there are more than a couple of huge Access databases floating around in various govt departments. And monster spreadsheets full of interesting logistical tidbits. It's not hard to imagine somebody at an embassy somewhere developing something to keep track of local contacts/agents/people of interest. Then the person who wrote it gets shipped to a new embassy and takes their code with them. Soon, word gets around, and most of the embassies have a copy of it for their own purposes. Not hard to imagine at all, really.

Re:How would that even work

[LurkerXXX]

If you RTFA, you can see it's an external drive. Almost every external drive you buy will already be formatted. Usually with tools on it so that a button on it will start a backup of your internal drives, etc. I haven't seen an external drive in years that wasn't already formatted. If you left autoplay ON on your windows machine, your nailed as soon as you plug in the bugged external drive.

Re:How would that even work

[sdhoigt]

> not for external USB drives that are already pre-formatted with a FAT32 filesystem. Plug it in and go! your box is pwn3d.

Uh... I run Linux. How does that work exactly?

Re:How would that even work

[Chrisje]

Well,
> As to the reference about these drives being used for government databases

While one of TFA's states:
> portable hard drives

TFA also states:
> have been found to carry Trojan horse viruses
> hard discs with such a large capacity are usually used by government agencies to store databases and other information
> Maxtor Basic

Trust me. I've been in consulting and support for 12 years of my life. I've never seen any government run "Government databases" off of a USB/IDE hard-drive. Not even in the APJ region. If and when they start doing so, they surely deserve any kind of catastrophe that might befall them.

It just looks like a bad article. I'm relatively sure government databases aren't on a windows system, don't run production off single portable IDE drives. Looks like a couple of drives for the consumer market might have had some shit on it they shouldn't. It strikes me as funny that everyone here's discussing an obvious attempt at alarmist sensation-mongering by the Taipei times (Taiwan, not China's closest friend, after all)

Re:How would that even work

[zippthorne]

You know, I've been trying that "shift" thing since I had win 95, and I've gotta say, it's never worked for me. I've always had to go into settings and turn off autorun manually. (XP isn't so bad, though. It gives you a menu of auto-options, which include not auto-running anything)

Maybe a format

[virtualnz]

maybe a format of the drive when its purchased will fix. Or because its malware does this mean its going to be embedded into the hardware? It goes to show that we can't even rely on our hardware now without some big "brother" sending information back.

Re:Maybe a format

[totally+bogus+dude]

My impression is that they're just regular files pre-loaded on it, so reformatting will work. Provided of course you don't plug it in to a Windows PC with auto-run enabled in order to format it.

I wonder if one day we will see drives that have malware embedded in the controller that can't ever be erased? Maybe it's possible for them to detect "initial connection and probing by Windows" by waiting for a certain sequence of commands, and only expose the malware then. If you look at the drive later, or use a different OS which probes in a slightly different manner or with different timing, the files don't appear.

Obilgitory HOSTS comment:

[killmofasta]

Please add to your host files:
127.0.0.1 www.nice8.org
127.0.0.1 www.we168.org

Re:Obilgitory HOSTS comment:

[lordofthechia]

Why not take some initiative.You can block the sites, or you can send them what they want! DATA! Send them lots of data, format it like it was sent with the virus and have fun coming up with a random assortment of websites to include in it (sure we could thing of a couple).

So why ignore when you can use up their bandwidth and screw up their database. Just an idea.

Re:Obilgitory HOSTS comment:

[NeverVotedBush]

Excellent suggestion and I hope you get modded informative.

There is a blacklist website that had the www.nice8.org site listed a while back (I serched in mine before entering it) but the we268 site wasn't in there and still isn't.

The URL to the hosts blacklist file: http://www.mvps.org/winhelp2002/hosts.htm This really speeds up browsing too as a lot of the tracking sites get blocked.

Re:Obilgitory HOSTS comment:

[ColdWetDog]

There is a blacklist website that had the www.nice8.org site listed a while back (I serched in mine before entering it) but the we268 site wasn't in there and still isn't.

I think we Slashdotted it. They're not responding.

Re:Obilgitory HOSTS comment:

[IgnoramusMaximus]

Please add to your host files:
127.0.0.1 www.nice8.org
127.0.0.1 www.we168.org

You bastard! I did and that unsavory host at 127.0.0.1 (isn't the 127.x range like the dark back-alleys of the Intertubes?) infected me with a nasty trojan, probably because it has like a million gajigabytes of completely illegal, pirated contents on it!! A veritable pirate hive, that! I hold you pesonally responsible for directing us, pure, innocent Slashdotters to it!

Re:Obilgitory HOSTS comment:

[deniable]

As always, when you have problems with one of those 127. hosts, you should report it to your ISP. You may also want to inform law enforcement.

Re:Obilgitory HOSTS comment:

Domain ID:D145807509-LROR
Domain Name:NICE8.ORG
Created On:11-May-2007 07:20:24 UTC
Last Updated On:27-Sep-2007 05:57:07 UTC
Expiration Date:11-May-2008 07:20:24 UTC
Sponsoring Registrar:Xin Net Technology Corporation (R118-LROR)
Status:OK
Registrant ID:JHV8DUH7W9TIL
Registrant Name:ga ga
Registrant Organization:gaga
Registrant Street1:gagaga
Registrant Street2:
Registrant Street3:
Registrant City:gaga
Registrant State/Province:Beijing
Registrant Postal Code:126631
Registrant Country:CN
Registrant Phone:+86.2164729393
Registrant Phone Ext.:
Registrant FAX:+86.2164660456
Registrant FAX Ext.:
Registrant Email:safsafsa@ca.ca
Admin ID:JHV8DUHMSOOFB
Admin Name:ga ga
Admin Organization:gaga
Admin Street1:gagaga
Admin Street2:
Admin Street3:
Admin City:gaga
Admin State/Province:Beijing
Admin Postal Code:126631
Admin Country:CN
Admin Phone:+86.68492333
Admin Phone Ext.:
Admin FAX:+86.4660456
Admin FAX Ext.:
Admin Email:safsafsa@ca.ca
Tech ID:JHV8DUHO9XXZP
Tech Name:ga ga
Tech Organization:gaga
Tech Street1:gagaga
Tech Street2:
Tech Street3:
Tech City:gaga
Tech State/Province:Beijing
Tech Postal Code:126631
Tech Country:CN
Tech Phone:+86.68492333
Tech Phone Ext.:
Tech FAX:+86.4660456
Tech FAX Ext.:
Tech Email:safsafsa@ca.ca
Name Server:NS2.XINNETDNS.COM
Name Server:NS2.XINNET.CN

I'm assuming "ga ga" is fake; XINNet is not accessible without a Chinese proxy. The Registrant's Phone number: +86.2164729393 links to the contact information to http://www.sogle.com/ a partner of http://68l.com/ which both appear to be web hosting companies.

So if this is one big Chinese government conspiracy, it seems to be run through a number of companies, including dedicated hosts, not just hardware manufacturers.

Re:Obilgitory HOSTS comment:

[ceeam]

No, thanks.

Re:Obilgitory HOSTS comment:

[advocate_one]

they got all my pron... that should keep them busy for a while... :)

Re:Obilgitory HOSTS comment:

Excellent idea. Lots of meaningless stats, or supercomputer terabyte size dumps of astronomy and/or weather data, and/or multiple copies of the complete wikipedia databases...:-) Heck, the possibilities are endless! Yep, take advantage of this trojan and fill up their systems with junk today! :-)

Re:Obilgitory HOSTS comment:

[earthforce_1]

Or if you run linux, you could just pipe them your output /dev/random. :)

Re:Obilgitory HOSTS comment:

[toddestan]

I'm getting around to it, but I'm still going through the massive cache of porn I found. Strangely, I can't access it on my laptop for some reason.

Re:Obilgitory HOSTS comment:

[killmofasta]

Pipe them dev random?

The LAST time we did this, my roommate took it upon himself, to scan our network, identify the webserver in the cable modem, and shower it with randombits:

"Hey, I found something at 192.168.100.1, you dont have anyhting running 24 hours do you?"
"Did you ping it first"
"Yes"
"And did you point your browser at it?"
"Uhhh no...( 10 seconds later)...Hey! Our cable modem has a webinterface"
Grrrrrrrrrr......

Oh the point about the HOSTS thing is this:
Whenever you see a threat from an IP:
add that IP to point to google.com
i.e.

81.95.147.130 google.com # caught as the source of codec expoit by security
193.227.121.22 google.com #

and if you see a threat by a site, i.e. url
127.0.0.1 co8vd.cn # redirect exploit aliciakeys and myspace, taken down, and reappared
127.0.0.1 www.nice8.org # Not quite sire what to do with these dirtbags yet
127.0.0.1 www.we168.org # but nominated for randombit sending, and free security audit

My Hosts editor of choice is now:
HostsXpert for windows, and vim for linux. I leave shell script in root.

Yours,
killmo

Vista

[Paul_Hindt]

Yeah my new computer shipped with malware installed to...Windows Vista.

Re:Vista

[Tuoqui]

What a coincidence... My brother's new computer shipped with this malware too!

Re:Vista

[idiotwithastick]

Ironically, Windows Vista is the first version to ship with automatic autorun disabled by default.

catgotmytongue

[newr00tic]

"

The tainted portable hard disc uploads any information saved on the computer automatically and without the owner's knowledge to www.nice8.org and www.we168.org, the bureau said. "

-Fill the suckers with Linux distros or something, then..

(Yeah, big chance of it uploading 'everything,' anyway. - ANYTHING, maybe, not every..)

Re:catgotmytongue

[deniable]

goatse and tubgirl would be better.

Re:catgotmytongue

If it were Koreans, something like dogse 'd be more appropriate. ("Eyh, don't fuck with the 'food!")

But who's affected?

[r_jensen11]

The summary doesn't state who is at risk here. For all I know, these could be hard drives for servers. I suppose the files autorun.inf and ghost.pif hint that it's targeting Windows. Would this also be a security issue if someone attempted to execure those files within Wine or Parallels?

Re:But who's affected?

[EllynGeek]

Crap article, crap summary- it's par for mainstream news to ignore which operating systems and applications are vulnerable, and how- I suppose expecting any better in a /. summary is becoming equally futile.

Re:But who's affected?

[LackThereof]

It's right there in the summary. 300 or 500 GB external Maxtor hard drives. One would presume that they are USB2, as are most external hard drives.

Most external hard drives are preformatted to FAT32, so the user simply can plug it in and use it on almost any OS. Even thumbdrives come preformatted, so presumably the nasty files are simply already on the filesystem, rather than buried in the firmware or anything unstoppable like that. If removed, they probably will stay gone for good.

The summary mentions autorun.inf and ghost.pif. Recent versions of Windows will look for autorun.inf in the root directory of any inserted disk (CD, DVD, USB drive, maybe even floppies?) and will run a script out of it. Holding down the shift key while inserting/connecting the disk makes Windows not do that; it can also be disabled somewhere deep in the control panel. Most of the time these scripts are one or two lines long and just execute a program elsewhere, typically an installer.

.pif is an ancient extension from back in the win95 days, and due to strange backwards compatibility weirdness, Windows will execute any file with a .pif extension and the executable magic number. (Try it out - copy calc.exe to calc.pif and see) This makes it a very popular extension for malicious binary executables, because the windows shell will not look past the extension, and in no way indicate that the file is an executable program, it will call it a "Program Information File" which seems quite safe to the layman. So odds are ghost.pif is a standard off-the-shelf win32 trojan similar to the ones in the wild everywhere.

I doubt wine would know what to do with autorun.inf. If you attempted to execute ghost.pif under wine, it might actually run and work, although it would only have wine's permissions. Parallels probably would properly parse autorun.inf, and would attempt to run ghost.pif, but it would all be happening inside the virtual machine, and ghost.pif was almost certainly not written with breaking out of these environments in mind, so only the virtual machine would be compromised .

So the people at risk are the people running any version of windows that includes autorun support (I think that's 98 and up) and have it enabled (the default), and do not hold down the shift key while plugging in the drive. I figured that out from the summary. Now I'm going to RTFA and see if I was right.

Re:But who's affected?

[mooglez]

The Virus definition at: http://www.seagate.com/www/en-us/support/downloads/personal_storage/ps3200-sw says that it's a Keylogger to steal username:password combinations for popular computer games at eastern Asia. World of Warcraft is the only western game that it is looking for.

Taiwan or Thailand?

[overcaffein8d]

Taiwan or Thailand? Two completely different places.

Looks like a "typo" tag to me.

Re:Taiwan or Thailand?

[barry_the_bogan]

Disks made in Thailand, then sold in Taiwan was how I understood the summary.

Re:Taiwan or Thailand?

[corsec67]

Were they "Sold in Taiwan" and "Made in Thailand"?
That would be consistent with the headline and summary, but they could also be very wrong.

Re:Taiwan or Thailand?

[night_flyer]

from TFA

"Around 1,800 of the portable Maxtor hard discs, produced in Thailand, carried two Trojan horse viruses: autorun.inf and ghost.pif, the bureau under the Ministry of Justice said."

Re:Taiwan or Thailand?

Taiwan has become too expensive for low-skill labor-intensive manufacturing, such as used for hard drives.

Re:Taiwan or Thailand?

[nihaopaul]

and then you follow it back to american servers...

www.we168.org. 3594 IN A 75.126.97.113

$ whois 75.126.97.113

OrgName: SoftLayer Technologies Inc.
OrgID: SOFTL
Address: 1950 N Stemmons Freeway
City: Dallas
StateProv: TX
PostalCode: 75207
Country: US

NetRange: 75.126.0.0 - 75.126.255.255
CIDR: 75.126.0.0/16
OriginAS: AS36351
NetName: SOFTLAYER-1-4-3
NetHandle: NET-75-126-0-0-1
Parent: NET-75-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.SOFTLAYER.COM
NameServer: NS2.SOFTLAYER.COM

$whois 222.122.180.190 ;; ANSWER SECTION:
www.nice8.org. 3600 IN A 222.122.180.190

inetnum: 222.96.0.0 - 222.122.255.255
netname: KORNET-KR
descr: Korea Telecom
country: KR

the US one could easily be shut down, and the same with the korean ones, plus the .org records dont have real details so you can have them shut down too, xinnet does track users by their government issued identity card (you can't register without one) so they could trace it back to the one that made the order on the domain and how it was paid.

Re:Taiwan or Thailand?

[daniorerio]

oooh, US and Korean companies spying for China on Taiwan, now it gets juicy!

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Wine no, Parallels mabye

Wine doesn't support autorun so it is safe. Parallels will be affected assuming it doesn't disable autorun in the host OS, which most VM software does.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Seagate admits it

[Camael]

The more recent Taipei Times article says that Seagate admits the problem on its Web site, but a search there turns up nothing. Untrue. The Seagate article can be found here: http://www.seagate.com/www/en-us/support/downloads/personal_storage/ps3200-sw/
So this is not a hoax, after all.

Re:Seagate admits it

That URL doesn't work because you tacked on a trailing / somehow.

Here it is without the trailing / :

http://www.seagate.com/www/en-us/support/downloads/personal_storage/ps3200-sw

Or google "ps3200 trojan".

What is interesting to note from that Segate page is that it claims the aim of the virus is to search for passwords for MMORPGs.

Re:Seagate admits it

[ColdWetDog]

Well that link throws a 404 error. Searching for "Trojan" on the Seagate site just gave me a couple of links to a Terms of Use agreement. I just didn't have the heart to explore that concept further.

Re:Seagate admits it

[SinVulture]

http://www.seagate.com/www/en-us/support/downloads/personal_storage/ps3200-sw click throughable!

Seagate should never have bought Maxtor

[CranberryKing]

I was surprised when Seagate bought them. Maxtor was always a 'eh..' kind of disk manufacturer and Seagate has always been one of my favourite in terms of quality. Sorry Seagate but I'm not buying Maxtor disks ever.

Re:Seagate should never have bought Maxtor

[GonHiDi]

I wonder if Maxtor's influence is beginning to show up.

It could be worse

[Tribbin]

I once bought a computer with Windows preinstalled.

Re:It could be worse

[Tribbin]

Indeed, linux fans would wipe off the pre-installed linux and do a custom install.

Nope

[The+MAZZTer]

Default Windows settings would run the trojan once you plugged the drive in. To avoid this you either have to hold shift for an indeterminate amount of time while plugging the drive in, which can be difficult or impossible. With such a drive you're likely to use a more inaccessible port because you likely won't be needing to unplug it much. The only other alternative is to disable autorun for removable drives. This option is not available in the standard GUI and third party tools (or TweakUI) are needed.

Re:Nope

[LurkerXXX]

3rd party tools? Who needs 3rd party tools?

gpedit.msc

It's a windows GUI tool.

Computer Configuration > Click "Administrative Templates" > Click "System" > Double-Click "Turn off Autoplay", set it for "All Drives" and click the "apply" button.

Re:Nope

[Stephen+Samuel]

You can't use the Shift key installing a drive because that also disables DRM software -- as such, if you get caught holding down the shift key, you might be mistaken for an RIAA-hating music pirate and sued for millions of dollars.
In other words, the only legal solution is to install the new hard drive, let it infect your machine, and then wipe your whole storage system and re-install it with a new OS.

While you're at it, you might want to switch to a virus-resistant system like Linux.
:-)

Re:Nope

[lonesome_coder]

Autoplay != Autorun

A few posts up already shows this, which can be disabled with a registry tweak.

Comment removed

[account_deleted]

Comment removed based on user account deletion

It was meant to benifit the customer

[edwardpickman]

They figured it was a time saving feature that would save bandwidth for the buyer having the Trojans preinstalled.

Its a classic Trojan Horse.

[Marrow]

Something physical brought behind your defenses that attacks you un-awares.

Whoops

[The+MAZZTer]

Bah, right after I posted my comment I realized I wasn't thinking straight. Time for bed I guess. Ignore parent and imagine I typed this instead:

Default Windows settings would mount the drive and immediately parse autorun.inf. I'm not sure about running the trojan, but I think MS totally disabled the run part of autorun in Vista and maybe an XP update (instead you get a dialog which shows the autorun action as one of several options you can take including nothing, or opening the drive in explorer).

I don't know.

This is not a trojan in the software sense, and I'm not sure it is in the classical sense, either. I think you have to take intent into consideration. The software was not knowingly placed on the drive by the manufacturer; it was slipped in by a contractor somewhere down the line. From the end user's perspective I guess there really isn't any difference (drive goes in, computer gets fucked), but the manufacturer was not trying to dupe their customers.

Re:Obilgitory disable autorun comment

[Technician]

Please add to your host files:
127.0.0.1 www.nice8.org
127.0.0.1 www.we168.org

Be sure to put them in the upstream router. Autorun may compromise the system.. DUH it's a trojan. Since the affected drives are portable drives, it is very important to disable autorun as well as block the sites upstream of the compromised machine.

Just more proof that autorun is insanely stupid

[0123456]

Why oh why does Microsoft still automatically run software off any disk that's inserted into your PC? Surely decades of floppy-carried virii should have convinced them of what a frigging stupid idea that is?

Re:Just more proof that autorun is insanely stupid

People aren't smart enough to install stuff themselves.

Re:Just more proof that autorun is insanely stupid

[Shados]

It does? When I put a disk in my PC, it -asks- me if I want to run the auto-run, or if I wanna do something else with it...

Re:Just more proof that autorun is insanely stupid

[Opportunist]

It's a concession to the computer illiterates.

If you ever saw my father trying to open something using Explorer, you know that it is a minor feat for them to actually find something and access it. So sliding in a CD and something "working like magic" is what they want. And what they got.

Yes, it's a security nightmare. It's impossible to explain the problem to them, all they want is a computer that works without them having to know too much about it.

Re:Just more proof that autorun is insanely stupid

People aren't smart enough to install stuff themselves.

Not unlike those who spell viruses as "virii"...

Re:Just more proof that autorun is insanely stupid

"Why oh why does Microsoft still automatically run software off any disk that's inserted into your PC? Surely decades of floppy-carried virii should have convinced them of what a frigging stupid idea that is?"

Think about what your asking for a second; I mean,these are the guys that brought the world Windows ME for Christ's sake!

Re:Just more proof that autorun is insanely stupid

[arminw]

......all they want is a computer that works without them having to know too much about it......

Isn't Apple advertising that Macs "just work"? Macs don't have this autorun "feature", so maybe because of that, they should be sued for false advertising.

Re:Just more proof that autorun is insanely stupid

[alexhs]

Surely decades of floppy-carried virii should have convinced them of what a frigging stupid idea that is? <sarcasm>Yes, that's why autorun is deactivated by default for floppy drives.</sarcasm>

Re:Just more proof that autorun is insanely stupid

[FooBarWidget]

Because the average user *wants* the installer to auto-run when they insert a CD, otherwise they'd panick and scream "OMG it doesn't work!"

Re:Just more proof that autorun is insanely stupid

[dave420]

Well, most folks who use media rightfully trust their media. You don't hear many stories on /. when Autorun works brilliantly and saves someone time, only when it's part of an exploit. If you plug a hard disk into your computer, and double-click its icon, Windows assumes you trust it. After all, why would you plug a random hard disk into your computer, then double-click its icon? Just to see what happens? If you want to format it, just plug it in, don't double-click the icon, and format it. Call it a security risk if you want, but its features like this, where the OS doesn't get in your way (even to make potentially-fatal mistakes) that made Windows so popular. Most folks don't have problems with Windows because it doesn't get in their way, and they don't do anything stupid. It's only a problem when Windows gives the user too much credit, and the user uses that credit to hose the computer. I'd launch into a car analogy, but I just can't be arsed :)

Re:Just more proof that autorun is insanely stupid

[petermgreen]

Why oh why does Microsoft still automatically run software off any disk that's inserted into your PC? Surely decades of floppy-carried virii should have convinced them of what a frigging stupid idea that is?
When CD autorun was first introduced CDs were read only media produced only by big and presumablly trusted companies. So the risk was pretty low. Hard drives equally were rarely shared with anyone but very trusted people so they were pretty low risk too. I don't think floppy and similar drives ever had autorun.

Of course things have changed now putting MS between a rock (vulnerability to malware) and a hard place (pissing off users who have become used to autorun).

If you think this is bad you might like to know that on risc OS just viewing the contents a directory was enough to have code automatically run on your system.

Re:Just more proof that autorun is insanely stupid

[gillbates]

Surely decades of floppy-carried virii should have convinced them of what a frigging stupid idea that is?

You assume that Microsoft is capable of learning from their mistakes.

If Microsoft was capable of learning, they would be able to produce secure and reliable software. Does it really surprise you that a company which consistently replicates their past mistakes in new and innovate ways would pass up an opportunity to further compromise security in the name of convenience? It doesn't surprise me.

Lenovo

[DustyShadow]

So if the Chinese government is willing to do this with just hard drives, it makes me wonder what they are putting on Lenovos.

Re:Lenovo

Windows. But anyone who doesn't remove this before he uses his Lenovo gets just what he deserves.

Re:Lenovo

most of the posts here are pretty much junks and finally one makes sense. You think you can avoid this by switching to linux or other os? How about they burn things in firmware level? or put spyware in BIOS?

Also, some google and you can find the infective drive are also sold in US and UK

http://forums.vnunet.com/thread.jspa?threadID=121580

I think ...

[PPH]

... the makers of third party malware should sue. Having OEM malware preinstalled is going to drive them out of business eventually.

Perhaps the EU can take up their case.

Re:I think ...

[Dunbal]

Not to mention the fact that Sony has already patented this business method...

that said..

[QuantumG]

Try putting this in your autorun.inf:

[autorun]
shell\silly=You're silly
shell\silly\command=calc.exe
shell=silly

now remove and reinsert the USB device. Hmm.. nothing happens.. how strange. Go to My Computer and double click on I: (or whatever your drive is mapped to) and what happens? Yeah, calc.exe is run. Thanks Microsoft.

You may now flame away.

Re:that said..

[totally+bogus+dude]

I had a feeling I probably was wrong, but I knew it was absolutely true that exe's can be run by autorun in some cases so it was worth risking a flame. ;)

Chris Pimlott's post explains why it behaves like it does.

Your shell example makes it clear that Microsoft "kind of" understood the security risks when implementing this, and mitigated the most obvious avenue of attack, while still leaving people vulnerable. I think it also explains why normally double-clicking on a drive would expand it, but sometimes it wouldn't. That one confused more than once.

Re:that said..

Funny how people who "had a feeling" they might be wrong are always the loudest and quickest ones to speak regardless of that fact.

Re:that said..

[totally+bogus+dude]

Well of course. What, you expect me to actually research stuff I'm not sure about before I post? That's what the infinite power of the slashdot brain machine is for! Next you'll suggest I actually RTFA before posting about it. Insanity! Insanity!!!

Not the only...think different

[djupedal]

"The only other alternative is to disable autorun for removable drives. "

Or... chassis it into an external FW/USB/SATA enclosure, cabled to a Mac & either reformat it for OS X & use... or wipe it and format it for a windows box.

A simple solution.

[rice_burners_suck]

There is a simple solution to problems like this. Whenever you purchase a new (or used?) hard drive, write zeroes to the whole darn thing and then format it with your filesystem of choice. Badda bing batta boom.

Re:A simple solution.

[geekoid]

Assuming the HD allows it. It could be hiding sectors, and you would never know.

First Hard Drives, then Motherboard BIOSes

[shoor]

What happens when they put malware in the BIOS on your motherboards.
How will you know? How will you get rid of it, (I know flash the
BIOS, but maybe the BIOS doesn't want to be flashed.)

There's talk that the next war will be a cyberwar. I guess that's
better than the other kind, but these are some of the ways to do it
I'd say.

Re:First Hard Drives, then Motherboard BIOSes

What happens when they put malware in the BIOS on your motherboards.
How will you know? How will you get rid of it, (I know flash the
BIOS, but maybe the BIOS doesn't want to be flashed.)

You must not have been aware of http://en.wikipedia.org/wiki/CIH_virus

Re:First Hard Drives, then Motherboard BIOSes

[petermgreen]

CIH was destructive to motherboards and certain disk structures (which were generally repairable provided the hard drive was fat32 and the first partition was over a certain size) but that was about all the damage it did.

Far more insiduous would be malware built into the bios by the manufacturer which allowed secret commands to be used to read out data through the systems onboard network adaptors.

More Info on the Worm

[essinger]

The article doesn't state it but this seems to be the worm W32.Drom. Symantec rates the threat as Very Low with 0-49 total infections. Take that with however many grains of salt you wish.

Re:More Info on the Worm

[Opportunist]

Any AV company can only rate any kind of malware by the amount of samples they encounter through their various sources, which usually include spam or webpages. Hard drives usually are not on their detector network.

I'd take that number with a quite unhealthy dose of salt. Most likely Symantec got a sample from somewhere (a customer, their cooperation with other AV researchers) but didn't encounter any samples through their detectors (well, how would they if that trojan is distributed in ways they cannot detect?).

Google is your Friend

http://www.we168.org/Data/a.txt

Oh, malware...

By "Trojans Found In New HDs Sold In Taiwan", I thought they meant condoms.

(OK, who's the comedian? My catchpas is "durable".)

Re:Oh, malware...

[renegadesx]

Different results when they go bust

Topic at hand? Infection... Condoms? Inf..

Ok I see your point

Re:Oh, malware...

[SeaFox]

By "Trojans Found In New HDs Sold In Taiwan", I thought they meant condoms.

That would suck. Imagine hundreds of geeks getting a box in the mail from NewEgg filled with a product you have no use for.

Re:Oh, malware...

Afraid that some of the words and brands don't translate too well outside N America. Few know that Trojans are a US condom brand. In that context, how many Yanks would know that using the words 'durable', causing double entendre with Durex, or 'sucks' are inadvisable in RoW?!
Whatever, buyer beware rules - OK. Fdisk and/or Linux should keep you 'safe', if you practice safe software.

Re:Oh, malware...

That would suck. Imagine hundreds of geeks getting a box in the mail from NewEgg filled with a product you have no use for. Such an unimaginative thinker, have you never made water balloons from condoms? Also, they're good for making sure rain doesn't get down the barrel of your rifle (sure, it's just a replica, but when you're doing your WWII RP, you want to be as authentic as possible right?)
Cut the tip and you can use it for cable bundling (the lube really helps with those big cables).
The list goes on and on...they're like duct tape, nobody really knows what their original purpose was, but they're just so versatile.

Talk about security...

[Opportunist]

The Autorun capabilities are restricted to CD-ROM drives and fixed disk drives.

Is MS also going to tell us how this is a feature on HDs? I can see it in CDs. I could even see it in USB drives. But in hard disks? Where's the point in an autorun feature on a hard drive?

Re:Talk about security...

[totally+bogus+dude]

I'm wondering if it's more intended as a feature of not-easily-removed drives. Not much good to auto run a program if the user's going to change their mind and unplug the device again in a second.

Auto-run obviously has useful implications for USB drives. I'm trying to recall an experiment some time ago where someone left a whole bunch of USB keys lying around in a public area, and employees picked them up and plugged them into their company computers without a second thought, thus infected the corporate network. I thought that at least some of them auto-ran, but perhaps it relied on inquisitive people opening stuff on the drive, possibly coupled with the retarded "hide known file extensions by default" configuration of Explorer.

What about "secure" flash drives? I've never used one, but from reading about them I always got the impression they auto-ran the drive manager software which let you unlock the encrypted portion. Do they all require you to manually install the software first, and then the management software detects when the drive is plugged in and automatically opens?

... May not be as simple as it seems

[JeanBaptiste]

Why would the Chinese government do something so obvious? And the drives were sold in Taiwan? Given the relationship between the Chinese and the Taiwanese... it seems more like this was _meant_ to be found in order to destabilize the Taiwan economy more than to do any sort of real information gathering... if the Chinese government wanted to gather information I'm sure they could and would be far more covert than this... and compared to the other systems they surely have in place this is nothing.....

This is not as simple as it seems I think but instead is meant to be discovered in order to produce reactions similar to many of the posts I have read so far

Just a guess tho, but there's more going on here than is in this story

Liar!

[Opportunist]

127.0.0.1 is MY computer! Say that again and I sue you for slander, I'm not spreading malware!

(The scary part is that I'm not so convinced I couldn't find a judge who wouldn't allow that suit...)

Re:Liar!

[Wingnut64]

127.0.0.1 is MY computer! That's amazing! I've got the same IP on my luggage!

awesome!

where do i get one of these!

i'll install it in a computer with 5 tb of porn!

that should keep them busy for awhile.

Re:awesome!

[freeze128]

What, you think that Taiwan doesn't already have enough barely legal asian teen pron as it is?

What malware?

[sloanster]

I format the disk, install linux, no problem - I"ve never seen any malware ;)

Hahaha... wait, not funny

[hpycmprok]

From TFA:

      A spokesman for Seagate, which recently acquired Maxtor,
      said the company was investigating Kaspersky's findings.
      "This scenario seems unlikely because the 3200 does not
      have any software preloaded on the drive so there is not
      an opportunity for a virus to be loaded," he said. Yes
      the drive is formatted but I have never heard of a virus
      that lives in the master boot record."

Master boot record is the original hiding places of virii, kapiche?

possible scenarios

[asleeplessmalice]

a) sloppy manufacturing picks up loose malware b) deliberate infection by teenage haxor, perhaps for prestige, perhaps for cash c) deliberate, by botnet agent d) deliberate, by government agent e) deliberate, by aliens, illuminati, JFK, and cmdr taco - Found for sale only in Taiwan so far / aimed at Taiwan? Only 1800 drives reported infected, 300 sold. Infection reported to be found initially by consumers. Doesn't sound particularly sophisticated to me. My bet is on (a).

Trojan?

[glitch23]

Is this how we attract the teenagers to technology now? Include a free condom? ;)

We are to blame for China, not the corporations

[AHumbleOpinion]

American businesses that outsource to China are no better than spies and traitors themselves.

I realize you are merely repeating a popular but false meme so please do not think I am being harsh with you personally, it's the meme that I am being harsh with.

The notion that corporations are to blame for outsourcing to China is beyond naive. We the consumers, not the corporation are to blame! We have essentially forced corporations to outsource by our consideration of virtually nothing beyond price. Business is a Darwinian process. That first corporation that experimented with outsourcing was *rewarded* by consumers rather than punished. Corporations had little choice, jump on the outsourcing bandwagon or go out of business.

If you do not like outsourcing look at the labeling on packaging. Sometimes this requires a little extra effort. I needed a set of screwdrivers and in the regular tools section everything at the local Home Depot was an import. I accidentally found some manufactured in the USA elsewhere in a "professional tools" section. Maybe its not too late.

Re:We are to blame for China, not the corporations

[Bemopolis]

I accidentally found some manufactured in the USA elsewhere in a "professional tools" section. Maybe its not too late.

That is assuming that those tools were made in the United States of America, as opposed to the city of Usa in Japan. So maybe it IS too late.

Re:We are to blame for China, not the corporations

[ScrewMaster]

I realize that you are merely repeating a popular but false meme, so please do not think I'm being harsh with you personally.

What you're trying to say is "vote with your wallet." We are decades past that having any effect and I'll tell you why.

Remember one thing: consumers are the end of the supply and manufacturing chain. Products don't appear out of thin air, even simple items are the result of a long succession of manufacturing processes. Many years ago, the Japanese deliberately used predatory pricing (i.e. dumping) to attack domestic manufacturers of a wide array of electronic components. Once they successfully eliminated our own sources of supply for those critical components, they began to move up the supply chain until they were selling directly to the end user (hello, K-mart shoppers!) This happened long before China came on the scene: the last television set made in America was sold decades ago. In effet, the Japanese systematically destroyed our ability to make the most basic components of consumer electronic devices. Once that was accomplished, the rest of those markets belonged to them, because any remaining domestic producers were entirely dependent upon Japan for their raw materials. From the consumer's perspective, none of this was remotely obvious until suddenly the old, familiar "Made in the U.S.A" label became hard to find. By the time that happened, the domestic manufacturers were long gone. It's insidious, and our government was supposed to be on the lookout for such destructive activity (we have laws against it), but in this regard the Federal Government has failed ... miserably. Matter of fact, they aided and abetted the enemy. Isn't corruption wonderful?

China is just finishing the job, because they are much larger than Japan and can operate on a much vaster scale. They have attacked everything from textiles to electronics. All the great textile factories in the U.S. are lying fallow now, all their machine tooling gone ... sold for pennies on the dollar to China. Do you realize that we no longer have the ability to clothe ourselves? Get used to last year's styles if China decides it's time to put the screws to us for real. Don't give those old clothes to Goodwill or the Salvation Army, 'cause you'll probably need them yourself.

The sad fact is that we've been completely hollowed out, all the way from raw materials processing down the line to finished goods. Can this be reversed? Can America return to being a major industrial power? At this point I'd give a qualified "Yes", but only if Congress gets off its fat collective corrupted ass and fixes a few things so that American companies can begin to compete again. I don't see that happening in the near future: Congress is perfectly aware that they are not going to be subject to the looming economic disaster that the rest of us are facing.

Re:We are to blame for China, not the corporations

[AHumbleOpinion]

I realize that you are merely repeating a popular but false meme, so please do not think I'm being harsh with you personally. ... Remember one thing: consumers are the end of the supply and manufacturing chain. Products don't appear out of thin air, even simple items are the result of a long succession of manufacturing processes.

Your argument fails quite simply. Yes, the consumer is at the end of the supply chain but the consumer drives the demand. Again, corporations do not move in lock step. When that first corporation outsourced manufacturing or that first distributor replaced domestic suppliers with overseas suppliers the US consumer *rewarded* them. Darwin takes over and other corporation follow. To use my Home Depot screwdriver example, the screwdrivers at the local hardware stores did not go from domestic to foreign overnight. It was a gradual process. Despite being at the end of the supply chain the consumer controlled the process by choosing the cheaper screwdriver over the domestic screwdriver.

What you're trying to say is "vote with your wallet." We are decades past that having any effect and I'll tell you why. ... Many years ago, the Japanese deliberately used predatory pricing (i.e. dumping) to attack domestic manufacturers of a wide array of electronic components. ... From the consumer's perspective, none of this was remotely obvious until suddenly the old, familiar "Made in the U.S.A" label became hard to find. By the time that happened, the domestic manufacturers were long gone.

While your historical account is true, it does not contradict my argument that the consumer is largely to blame, not the corporations or government. However your argument that the consumer suddenly found domestic products difficult to find is mistaken. The domestic electronics industry did not fall overnight, it was a gradual process. I grew up in a town that had a assorted factories, including an apparel manufacturer. The next town over had a factory assembling TVs. I recall the "Save a Job, Buy American" billboards and bumper stickers. Too many consumers ignored such warnings, it was a classic tragedy of the commons example.

Can this be reversed?

Note the Japanese auto industry. While quotas may have originally motivated relocating assembly and some manufacturing to the US, they are now finding that domestic factories are also an important marketing tool. Consumers still have some input. It is also interesting to note that some Chinese firms have opened factories in eastern Europe as part of the tail end of the supply chain for EU markets. If government fails to act perhaps the falling dollar will inspire the Chinese to do some foreign direct investment in the US.

Re:We are to blame for China, not the corporations

[Grishnakh]

While your historical account is true, it does not contradict my argument that the consumer is largely to blame, not the corporations or government. However your argument that the consumer suddenly found domestic products difficult to find is mistaken. The domestic electronics industry did not fall overnight, it was a gradual process. I grew up in a town that had a assorted factories, including an apparel manufacturer. The next town over had a factory assembling TVs. I recall the "Save a Job, Buy American" billboards and bumper stickers. Too many consumers ignored such warnings, it was a classic tragedy of the commons example.

But for many things, it wasn't just the consumers' fault, it was also the corporations'. The American auto industry is the poster child for this one. We had (and still have) campaigns for "buy American", but the problem is that many times the American products totally suck compared to the competition. Back in the 80s, American cars were complete trash, while Japanese cars were cheaper and lasted much longer. Japanese cars are still much better than American cars, although they no longer have the price advantage, but people still buy Japanese cars because they have a reputation for quality which Detroit lacks because of decades of inferior products.

I don't remember as well, but I imagine Japanese consumer electronics, particularly TVs, were better in many ways than their American counterparts during the time they were in competition.

I consider it rather dishonorable to ask people to buy your crap out of feelings of national pride when you can't be bothered to make products that are as good as the competition.

Of course, with today's Chinese products, things are a little different. Unlike the ultra high-quality Japanese products we used to purchase, now most things are made in China, which does not have a reputation for quality at all. So if the choice is between a Chinese screwdriver and an American-made screwdriver, chances are the USA one is more expensive but also much higher quality, so at least you get what you pay for, unlike back in the 80s.

Re:We are to blame for China, not the corporations

[AHumbleOpinion]

I consider it rather dishonorable to ask people to buy your crap out of feelings of national pride when you can't be bothered to make products that are as good as the competition.

I agree. I am not suggesting that one buy solely on a nationalistic basis. What I am arguing is that local products and services should be one important factor. Recall that the complaint in my original post was "our consideration of virtually nothing beyond price".

I don't remember as well, but I imagine Japanese consumer electronics, particularly TVs, were better in many ways than their American counterparts during the time they were in competition.

Your US auto industry example is fine, in that area there was a quality gap. While much of the blame goes to the corporations the unions deserve some responsibility as well. However with respect to consumer electronics it is not that simple. Unlike the auto industry, the switch to Japanese electronics began while Japanese products were low quality and low price.

It's bad beyond a joke - so time for one

[dbIII]

I accidentally found some manufactured in the USA elsewhere in a "professional tools" section

In Australia we get a lot of professional tools from the USA. They end up managing telecommunications and other technology companies. I ask you citizens of the United States for the good of the reputation of your country to keep those managers who are complete tools within your borders, cut off their cocaine supply and put them to work sweeping floors somewhere where they can not do much damage with their remaining brain cells.

Re:It's bad beyond a joke - so time for one

[jwo7777777]

OK.... .....but you have GOT to keep those damn joeys off my lawn!

So how do you wipe it?

[saleenS281]

For 99% of the windows users out there, the second the drive is plugged in, it's going to autorun the virus. Sure, they can format it after that, but it's already too late. So how exactly do you expect them to wipe this drive? Oh, let me guess, consumers should know better than leave the default windows autorun settings *right*.

What's the big deal?

Lots of external hard drives come with free "backup" software pre-installed!

Seagate purchase...?

[saleenS281]

I do recall the chinese government... er... a *private* chinese firm wanting to buy seagate. Why not??? What could possibly go wrong?!?

It is more likely...

[sectionboy]

the computers of QC guys are infected.

Deja vu: Floppy disk virus

[flyingfsck]

So now you need a Linux PC to format all HDDs before plugging them into Windoze machines. As machines become more complex, the consequences of incompetence become larger as well. Long ago, pre-formatted Floppy disks contained pre-installed viruses, so this is nothing new, the media is just larger.

No virus in MBR?

[cipher1024]

Am I missing something here? One of the links to the Taipei Times quotes a spokesman from Seagate saying "Yes, the drive is formatted, but I have never heard of a virus that lives in the master boot record." Wow, that's reassuring.

Mod parent up!

[Hynee]

... please.

Thailand == China...

[flyingfsck]

So I guess Thailand must be a new province of China.

Re:Thailand == China...

[kegon]

Glad to see you read the Slashdot rule about not RTFA...

Around 1,800 of the portable Maxtor hard discs, produced in Thailand,

Location Verification

[erbuc]

To the person that posted the story ... Thailand and Taiwan are two distinctly different countries. Taiwan is the country that is a part of China, Thailand is not. I think you meant to state "HDs made in Taiwan". Just a clarification.

Re:Location Verification

[LackThereof]

Made in Thailand.
Sold in Taiwan.
You are the one who is confused.

Re:Location Verification

[erbuc]

Evidently I was confused. Thanks for the clarification.

Re:Location Verification

Taiwan is the country that is a part of China, Interesting way to phrase that. Taiwan is NOT part of china unless you are from China. In which case, yes, they are. Elsewhere, most countries consider Taiwan to be seperate.

Troll Alert...

[Belial6]

[Troll]
That's the problem with Windows. It doesn't Just Work(tm). You have to know these cryptic menus to edit databases just to keep your new USB drive from running whatever application happens to be on it. Maybe one day Microsoft could start doing some real usability testing and get Windows to be as easy for a new user as Linux.
[/Troll]

Re:Troll Alert...

[Jugalator]

OK, then use msconfig for a built-in autostart UI, if you must. :-p

Re:Troll Alert...

You misunderstand. Microsoft isn't trying to make the computer easier to use, they're trying to use it for you. They know what the user wants to do but that darned user keeps getting in the way.

Re:Troll Alert...

[ozmanjusri]

use msconfig for a built-in autostart UI,

That won't work.

msconfig is a diagnostic tool for disabling programs which are loaded at boot time. It has nothing to do with autoloading CDs.

There is no built-in autostart ui. If you're scared of the registry, you can download TweakUI, but you'll still need to disable autostart on a drive-by-drive basis.

Re:Troll Alert...

...to edit databases... The registry a database? It's more like throw all config files in one pot and stir.

Re:Troll Alert...

Not replying to your [troll] but to those that modded this insightful.

Because "j" for down, "k" for up, /etc/fstab, no uniform way to reliably modify the X resolution (despite the 30 gnome/nvidia/fedroa/mandriva/ubuntu apps to do such I've seen) without editing /etc/X11/xorg.conf (sometimes a symlink to XF86Config), finding (and possibly compiling) the right libdvd2.so, the gimp, and choosing one of 65 different distributions is all so simple, right?

You can just hold down the shift key. Or, If you want to modify the behavior of the OS when it mounts an external drive, you have to follow those 4 steps to modify the registry.

Pick me an OS and I'll find you a task that's an obfuscated PITA. Linux is many things, but I dare say it's NOT fundamentally easier to use.

Re:Troll Alert...

Powertoys for XP lets you disable autorun on a drive to drive basis, based on drive letter. Eg: drive E: will never autorun, etc.

Re:Troll Alert...

You know what I don't like about "Just Work" from Apple?

Because the real phrase is

"It Just Works...
Or It Isn't Even an Option"

Apple's "just works" deal (and owning a Mac right now that is running 10.5, along with the Linux system I'm typing this on, I can't say: Actually, it really doesn't always Just Work... anywhere) really only makes sense in the context of "We keep you to a heavily scripted environment, and in that limited context, with a limited option set, stuff usually doesn't go wrong"

But "Just Works" rolls off the tongue easier.

Re:Troll Alert...

Why be nice to your consumers, if being nice to crackers is so easy?

Re:Troll Alert...

[AnyoneEB]

I always disabled autostart in XP with the group policies manager, although I do admit to having difficulties finding the option. I remember it being much easier to find in earlier versions of Windows.

Yes.

[newr00tic]

goatse and tubgirl would be better.

Agreed.

Wrong wrong wrong

[ProfessionalCookie]

...Ahy wait a minute...that's ME you're pointing all that traffic at!!!

I know, I know!

[Kadin2048]

Where's the point in an autorun feature on a hard drive? Malware?

Wait, you meant a good purpose...in that case, no, there isn't any.

National Security

[mcrbids]

Somehow, I think alot of manufacturing that's been moved over to China is about to be brought back home. As I indicated the other day in my post here, over-reliance on China is less of an economic issue and more one of national security.

Lead in toys is bad, but the fact that this is happening indicates how little control we have over stuff manufactured over there. Intentional? Perhaps, but if so, it's quite stupid on the part of the Chinese. They should continue to produce quality crap for rock-bottom prices so that we trust their stuff, rather than the state of near-paranoia we're in now. Their goods are scrutinized more than ever, and the rapidly falling dollar means that we are becoming more and more competitive on the open marketplace internationally.

Really, the problem here is that the United States has bought the "free trade" Kool-aide, but the Chinese haven't - and have locked their currency to ours. As long as this is the case, we're really dealing with an unleveled playing field.

Re:National Security

[fatphil]

What definition of 'locking' currencies are you using?

http://finance.yahoo.com/currency/convert?from=USD&to=CNY&amt=1&t=2y

If that's locked, I'm a dutchman.

Anti Windows HD anyone.

A harddrive that after being inserted automatically asks users to install Linux to save self from these kinds of security risks.

To make things easier for users

[Sycraft-fu]

You've no idea how many people I run across that "go to the disk and run setup" is too complex for. Also, back when it was added (Windows 95) this kind of stuff wasn't a concern. However they've changed it with Vista. There is still autorun functionality, but you have to enable it. By default it asks what you want to do, and does not run anything.

Your joke

didn't work.

You never really could

[WindBourne]

2 good examples is that Xerox made special copiers that were sold to USSR. They would break down after a certain time, and require a service call. Turned out that the copier was holding a copy in memory of all that it saw and the service guy was off-loading it, and resetting it. Likewise, America made special chips that went into pipeline controller chips that were sold to USSR and caused a major problem with their pipeline.

The truth is, that that this code almost certainly went in with knowledge by the Chinese gov. They are simply using OUR AMERICAN hardware to spy on the west. Smart move on their part, bad for the west.

Re:You never really could

[M.+Baranczak]

Sorry, but the Xerox story sounds like bullshit. Where did the machine store all that data? You're potentially talking about hundreds of thousands image files. They didn't have 512MB Flash memory chips in those days (I assume you're talking 70's or 80's - certainly before '89). A tape drive the size of a suitcase would have been pretty conspicuous.

Re:You never really could

[WindBourne]

A quick google will get you anything (heck, it could even get you a hooker's address).

Re:You never really could

[M.+Baranczak]

OK, thanks. I was stuck thinking in terms of digital storage; doing something like this with a miniature film camera does sound a lot more plausible.

What's the big deal?

[beamin]

According to Donald Kerr, a deputy director of national intelligence, "There is something fundamentally different from the government having information about you than private parties. We shouldn't have to give people the choice between taking advantage of modern communication tools and sacrificing their privacy."

Threadjack: WTF?

[Corwn+of+Amber]

autorun.inf and ghost.pif, yeah, right. Who still uses windows, AND has autorun enabled?
Answer : Everyone. Even geeks give up configuring Windows to that point after one hundred reinstalls. Or they give up on Windows already... Okay, "who does not reformat new HDs before use?"

Who buys Maxtor HDs anyway? Never had one that even lasted till the end of warranty, used 8 of those in under two years. And there are not enough hours in one year to make up for the order of magnitude between announced and effective MTBF. (168*52 = way less than "tens of thousands of hours".)

Not that I excuse them for dataraping their customers. The exec that ordered that should be put to a very slow and painful death. With the Maxtor engineering team. (If there even IS one.)

Re:Threadjack: WTF?

[Lennie]

The problem is most Windows users format the disk from within Windows.

Then the malware already automatically gets run.

Re:Threadjack: WTF?

[Smidge204]

Solution? Ship the drives UNFORMATTED. No partitions or filesystems, no malware.

Most brands ship that brain-dead "install software" anyway, which the clueless will install. Have that "Initialize" the drive for them. The ones smart enough to not install that crap software will be smart enough to format the drive themselves.
=Smidge=

Re:Threadjack: WTF?

[jridley]

Interesting. The first thing I do when installing Windows is to shut off autorun on all drives and devices. I haven't reinstalled Windows that many times, because I don't download and install crud so I have Windows 2K and XP boxes that have been running for years without problems (often with 100+ day uptimes). I currently have 4 maxtors spinning at home that are > 4 years old. I have had Maxtors fail, but only after giving SMART warnings so I was able to get all my data off.

The last drive I had fail was a Seagate that came in my Compaq, it was only 2 months old and gave no SMART warnings, it just died in a blink of the eye.

Re:Threadjack: WTF?

[Reziac]

Easy way to install malware: include it on the floppy or CD that is used to prep the HD.

Re:Threadjack: WTF?

[ORBAT]

I don't understand how people get "100+ day uptimes" on Windows boxen. Don't you have to reboot practically every Tuesday? Or are you just not patching your system?

Re:Threadjack: WTF?

[Corwn+of+Amber]

I can get that, easy. Yes, by not patching. Why, to install the latest Microsoft malware? Do the test yourself someday : install Windows (2k or xp), then the necessary drivers (chipset, audio, VGA, LAN), then run a full Windows Update.

If it ever reboots, it will take an order of magnitude more time (i.e. either from "seconds" to "minutes" or from "minutes" to "hours"), and not only the first time - I'm talking after the full run. The one that will take the whole day, because you have to reboot a LOT of times.

Then, defrag your disk. If you can bear to wait the 5 minutes loading time just for MMC, and 5 more minutes "connecting to Local Disk Management Service" while you think "is LOCAL not supposed to be FAST?".

Then, you will well format and reinstall, and NOT update the thing. And you'll have learnt why people end up using Windows XP : Pirate Edition. The one that gets updated every so often, and that you'll have to track different distros of, to get the latest fixes.

It's not "the alternative to windows update", it's the only option if you want an up-to-date WinXP. Windows update breaks you PC. I've tried the method above on every hardware generation since 2001 : Athlon/P4s on VIA/Intel/AMD chipsets with ATI/nVidia cards and SDRAM/DDR/DDRII. WINDOWS UPDATE BREAKS WINDOWS XP. That is a FACT. If you update your WinXP box, it WILL become so slow as to be completely unusable.

But I'm on a hackintosh now, so if I want my computer to catch a virus, I have to ask it to run doubtful code. And to update it, I go to the forum and search for updates. That happens once in three months iirc...

Re:Threadjack: WTF?

[jridley]

I generally don't install patches very often. Or rather, I install them and defer the reboot if it asks (not every patch requires a reboot).

I don't use any Microsoft software other than Windows itself. Honestly, I've stopped running antivirus software too. I've been using the internet since it was a KA9Q packet driver running over MSDOS and I had to know IP addresses, and emails were all bangpath'd, and I have yet to get a virus installed on my machine. I've had them try to get in, for instance via email, but I've always said "That looks like a virus/trojan/etc to me" and sometimes I'd feed it to a virus scanner to confirm. I do still run an overnight virus scan from time to time, but I've gotten sick of losing a continually-increasing amount of CPU and disk time to resident scanners.

As far as open port attacks, well, that's what a hardware firewall is for.

My record for uptime on a Windows box is 283 days. That's because I don't have a UPS; otherwise it would be longer.

Doesn't work for XP Home

> It's a windows GUI tool.

Not for XP Home or other crippled MS products...

Re:Doesn't work for XP Home

Then download tweakUI from microsoft and turn off autoplay there.

Re:Doesn't work for XP Home

[Tim+C]

That's because XP Home (and presumably Vista Home) can't be connected to a domain, and group policy is intended for use in a domain, to set permissions network-wide which can be overridden (if necessary/desirable) on a per-machine basis by someone with (domain?) admin access.

Cheaper products with mostly unneeded features removed, or more expensive products with features a home user won't even understand let alone need; that's basically your choice, and I always thought that choice was supposed to be good.

Re:Doesn't work for XP Home

[Mattsson]

Choice is good.
One does wonder, though.
Does the extra work put into removing specific software, services, etc, in the basic versions of windows really motivate a lower price-tag?
I mean, MS prioritize the corporate versions of windows, so that one is finished first and receives most testing.
This means that the lower versions actually did cost more to develop than the corporate one.

Re:Doesn't work for XP Home

[Tim+C]

No, I don't think so. Don't forget it's not just development of the software that must be paid for, there's the design, requirements gathering, testing, etc. Compared to the total cost of developing a given module, taking it out of the downgraded version is most likely next to free.

Yes, in a sense it's an added cost; but you're spending (say) $2 to remove $200 of functionality and charge $100 less (figures illustrative only, ie pulled out of my arse) to people who wouldn't have paid the full price in the first place.

Production is a sunk cost, you've spent it no matter how many copies you end up selling. If a little bit of extra work enables you to sell a boatload more copies at a reduced price, it may well be worth it.

On the other hand, they may actually develop the basic version, then develop the bolt-ons that make up the corporate versions. Besides which with Vista, Ultimate is a merger of Home and Business; it's *more* than the corporate version. If they do the corporate version first, then Ultimate really is an added cost.

Re:Doesn't work for XP Home

[Mattsson]

Mmm... You have a point there.
I still have a feeling that the main reason for releases like Home, Basic, etc are to be able to justify a higher price for the non-crippled versions.
It's easier to swallow a huge price-premium on the full OS if there are cheaper versions out there with less functionality.
If MS had simply released one version of Vista, the same people who today are willing to spend $300-$400 on Vista Ultimate in order to get the "best" version, would scream out loud at the thought of paying that much for an OS license.

Technet says 0xff not 0xb5

MSS: (NoDriveTypeAutoRun) Disable Autorun for all drives (recommended) DWORD 0xFF

from http://www.microsoft.com/technet/security/guidance/serversecurity/tcg/tcgch10n.mspx

and http://www.microsoft.com/technet/security/prodtech/windowsxp/secwinxp/xpsgch03.mspx

just FYI

Re:Technet says 0xff not 0xb5

[Just+Some+Guy]

MSS: (NoDriveTypeAutoRun) Disable Autorun for all drives (recommended) DWORD 0xFF

On behalf of every Linux user that's ever had to listen to Windows users making fun of /etc: <nelson>Ha-ha!</nelson>

thems is fightin words

[slew]

Taiwan is the country that is a part of China

I think many folks in Taiwan would have an issue with this statement.

A quick history lesson. The aborignal people of taiwan are actually connected to the other oceania aborignes (e.g. native of the other islands like the philippines, malaysia, and indonesia). The mainland Ming and Qing dynasties (pre-cursors to modern china) never really considered the island as part of their "middle kingdom".

Meanwhile, the Dutch that colonized the island which they called Formosa (which is now Taiwan) to use as their base to trade with Japan. This was managed by the Dutch East India Company (Spain briefly tried to hone in on the island, but were driven out by the Dutch).

Eventually, the conflicts that led to the formation of modern china, spilled over to the island. Koxinga, a Ming dynasty warlord/general/rebel (born in japan to a mother who was japanese and a Ming dynasty general) overthrew the dutch on Formosa to establish a base for Ming dynasty rebels that wanted to re-take over the Qing dynasty. This event has historically been cited by the chinese as their historic claim over the island, but it seems no more valid than the Dutch claim which is basically moot (since as we know possesion is more than 9/10 of international law).

Of course the Japanese eventually defeated the Chinese in the Sino-Japanese war and the Qing ceded Taiwan to Japan as part of the Treaty of Shimonoseki. Japan basically occupied Taiwan until the end of WWII.

During the resolution of WWII and the Japanese surrender, basically, Japan was forced to give up all the territories that it gained all the way back from the end of WWI from the Republic of China which included the island of Formosa. The decision of who the territories should fall to were left up for the final Treaty of Peace with Japan which left the decision to the winners of WWII in the Pacific (basically the US, the UK and Soviet Union and the ROC).

Of course after WWII, this was all complicated as the Republic of China which was generally considered the KMT government at the time was overthrown by the People's Republic of China (Mao, etc) and the KMT government retreated and occupied Taiwan for many years claiming that they were still the KMT/ROC. That and the beginnings of the cold war power struggles led to the controversial Treaty of San Francisco which officially ended WWII in the pacific required that Japan cede Taiwan to one of the "winners" which due to a complicated set of circumstances, the ROC or the PRC were never specified (since they weren't invited to be part of the treaty because of the civil war at the time there was no agreement on who the government was).

In fact with some stretching, it's possible to conclude that the Treaty of San Francisco actually leaves Taiwan as an occupied territory of the United States (sort of like berlin was occupied by 4 powers at the end of the war in europe).

So it's actually debatable that Taiwan is even a country and if it is, if it is actually part of China or an independent country in it's own right...

Re:thems is fightin words

[joto]

Who the fuck cares about all this history? Here are the facts:

1. Taiwan is a part of China, as long as the Chinese government says so, and nobody starts a war against them to dispute it (or find some other way of convincing the Chinese government, which is not very likely right now)
2. Many people view Taiwan as a country that should be independent

Of course, saying that "Taiwan is the country that is a part of China" isn't very precise, as that description fits Tibet even better.

Besides, there are other territories in the world, where the people who live there feel they have "a common identity", "a common language", and all the other things that should make them "a national state", without being so. And there are also several "national states" created late in history, who didn't have a long history of political independence prior to that. If the Taiwanese people want to be a national state, that's what they want, regardless of recent history. Then again, if Taiwan was part of something else, such as USA, they might not be so eager to get rid of their masters. I too would want to get out of China, if I lived in a part of it, that could function well without it.

Re:thems is fightin words

In short:

Made in Republic of China == Made in Taiwan (China calls this a province of China, Taiwan call itselves a republic)
Made in China == Made in China/Hong Kong
Made in Thailand == Made in Thailand

TAG IT WINDOWS

This silly problem only affects windoze lusers. What a surprise.

Thanks for the laugh

That link was tops!

It could be worse

I once bought a computer with Linux preinstalled.

Use it to wrap the bathroom tiles

[EmbeddedJanitor]

http://yro.slashdot.org/article.pl?sid=07/10/29/1833227

Condoms make excellent tile covers.

Not really

Japan is not trying to destroy the west, since they are basically part of the west. China, OTH, is waiting patiently for their tech to come close to ours.

Actually, "Just Work"ing is the problem here....

[jdickey]

Windows knows better than you do what should be done with a new drive. And if it doesn't, that's your tough schist. After all, you're not foolish enough to believe you actually own your computer once you've put Windows on it and connected to the Wild Wild Web? Your friendly global software megalomaniac "owns" it, and some pimply-faced teenager from East Slobodnia pwns it. Don't like that? Use another system....

seriously - autorun (for ANY media - optical or other) should be one of those times when Windows puts up a dialog saying "I'm about to run the autostart program from this drive you just connected. Yes/No/Format?" Any "security" system worth its weight in used toilet paper should do that for you.

To see how far they can go?

[SmallFurryCreature]

There was a point in history when the US of A did overflights of russia for 'recon' with the bombers, the same aircraft that would fly over russia in the outbreak of a war were send on 'recon' missions. Talk about bloody insane, what if a russian commander had taken it for an assault? How is he supposed to know what is in the bomb bay.

Countries pull these stunts to see how far they can go, compared to sending nuclear bombers on recon flights this one is harmless, but it does tell the chinese a lot about the west. We need their stuff, we cannot stop it, we cannot say, no more HD's not made in the west.

The US learned that the USSR at the time had no way to stop these aircraft (one of the reasons russia became so obsessed with interception tech was these flights, every US aircraft shotdown over vietnam with SAM's was the result of these probe missions, remember that incident where russia showdown a korean airliner? The US had a very long history of probing soviet airspace with civilian aircraft, that time some innocents learned just how far the US could go.). China has learned just what they can pull.

After all what is the US going to do, the western economy needs China, it would require a massive change of police to do anything about this. So China now knows that they can get away with it. Even if the chinese goverment did not do it, they still know this.

It seems a simple test to see just how deeply the western economy now depends on chinese products.

frankly I think it is far simpler, someone paid someone to put this on, and someone did. All these lead paint stories are nothing more then someone trying to increase his income. Ages ago I worked in a warehouse for glasses (sunglasses and regular frames), these things cost nothing but sell for a small fortune. Every now and then a small truck would arrive and load things, nothing abnormal except that the guy never bothered with a loading bill. The deal was simple, orders were frequently wrong, so with some carefull mis-management there was always surplus stock, this guy could sell those goods, all you had to do was make sure that whenhe arrived they were close enough by the door. In exachange, you would get a bonus, you didn't ask where it came from and they didn't tell you.

Apparently head office got a bit suspicious after a while and ordered a complete inventory count, the week before that we had a burglary. We didn't know what had been stolen, but luckily we had that inventory check coming up, so we would be able to tell the police then.

The "burglary" was almost idiotic, the way they entered they would have had to been acrobats to get anything out, they had forced open a door that had been blocked off by a shelving unit. They would have had to wriggle under the door, climb over the shelving, climb down and do that several times to get anything. All under the eyes of camera's. Can you say 'setup'?

But hey, it paid badly and the 'bonus' easily was half my salary, while to me the risk was at most undeclared income. Same I think here, someone offered some guy at the 'install crap software on the HD' department to install a little bit extra, and they took it.

Re:To see how far they can go?

[fnj]

The US had a very long history of probing soviet airspace with civilian aircraft.

Perhaps you can back this up with credible evidence?

Quality Assurance Rant

[WeirdJohn]

Part of the problem is that 'Quality' is synonymous with 'all the right paperwork in place' and not with the actual 'quality' of the product. Without going down the slippery path of trying to objectively define quality in a way that works (see 'Zen and the Art of Motor Cycle Maintenance' to see how stuffed up you can get trying to sort that out), there has to be some kind of adaptation of ISO Quality Certifications that includes the product and not just the process and procedures.

Multisession DVDs

[splutty]

This works perfectly, with just one small problem...

All burn software I've used so far (Sonic, Nero, Isoburn) will NOT recognize a multi session DVD as having data on it if you've disabled autorun in this manner.

It cost me a lot of headaches to finally find out what was going on, since the DVDs were all reported as 'unformatted, empty' (depending on whether it was a R or RW), but not actually writable (however it was formattable if it was an RW)

So there's some underlying logic there which probably disables the preread necessary for multisession discs (I'm assuming this would work the same for CDs, although I haven't tried that)

This is my personal experience and my inquest into why this happened, so YMMV. Win XP Home SP 2.

Chinese whispers...

[ootykumar]

"the trojans are for the hard dicks" got a little misunderstood down the assembly line?

No, it was intentional

[SmallFurryCreature]

If it had simple been a MBR type virus, that could have snuck on board during the process that formats the drives. This is how other infections have taken place, the machine that produced the finished image is infected and so the image gets infected.

If it had been a virus in one of the apps that come with some external drives, that could have gone a similar route.

But how the hell does one accidently come up with a virus/trojan/malware that accidently happens to be exactly what you need to infect a clean HD? If you read the description this piece of malware was designed to be used in this manner, it is not just a random infection.

I did spot one error in the story, that could be attributed to idiot journalists, about the claim the 500gb maxtor disks are typically used by goverments to store databases and such. Yeah, right. Store critical databases on a maxtor disk? Then the story goes on to contradict itself by claiming the disks were sold via stores, goverments do NOT hop to the closest store for their hardware. The disks in questions are cheapo consumer models, not destined for places like goverment at all.

It seems an odd case, but frankly I seen odder cases, perhaps it was just an attempt by someone to see if they could, or maybe it was test run. I don't really think it was a secret chinese job, unless they simply wanted to see if it was possible. The reason it uploaded to a chinese site is most likely simply that it is simple to host a site there.

Wasn't there a story about the RBN moving to china?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Comment removed

[account_deleted]

Comment removed based on user account deletion

wow, and people want us to give international cont

[Teriblows]

rol of the internet to countries like china?

Even scarier is this...

[hotrodent]

how long before "they" start adding stuff like this malware at the microcode level? could this even be happening now? i mean how long were those little yellow dots being printed by thousands of printers before it was discovered?

MBR viruses: Never heard of!

[saper]

I liked this most (Seagate's spokesperson):

"Yes, the drive is formatted, but I have never heard of a virus that lives in the master boot record."

got stoned?

What if..

What if Chinese Govermment is really behind this? Let's play a little mind game..

You put in some malware to spy on your own citizens. You want total control, and you are getting good funding by the goverment and you have silent acceptance from the big manufacturers. Just another trick to add more level of control to already complex scheme they have in China.

Now, let's think that some guy made a mistake. No, he didn't put the spycrap there by mistake. It was there because Chinese Goverment wanted it there. His mistake was simple, he shipped the hard drives to abroad. Those hard drives were for domestic sale in China.

So my theory is, that like google is forced to limit search results in China, hard drive manufacturers are forced to put in this crap. When it accidentally ends up somewhere else than China, it is downplaying time. Or just stay quiet. You can always blame some virus writers and hackers for it, right?

LISTEN UP WANNA BE PSYCHIATRIST/PSYCHOLOGIST

Maybe he's not the fugly bastard mutant looking freak you are. Ever thought of that? No, probably not. When you eventually figure out that people who are attractive have every right to be proud of themselves, whereas you do not apparently because you are some reject, then you might have made a true discovery for yourself.

Re:LISTEN UP WANNA BE PSYCHIATRIST/PSYCHOLOGIST

[networkBoy]

No, he's right, I'm a closet narcissist. This is my one release in life, to sign my /. posts. I must do it, for if I didn't my heat would explode in an atomic blast unrivaled since the dawn of man. Remember Tunguska? That was when I only had a chance to partially sign a post. You don't want that to happen again do you?

Here's to saving the world ;-)
-nB

Re:LISTEN UP WANNA BE PSYCHIATRIST/PSYCHOLOGIST

[G+Fab]

I seem to remember people doing this on bbs services and usenet forums.

It is odd to cling to tradition like that, but that's human nature. Is this why you sign your posts? Cause you always did back in the day?

Re:LISTEN UP WANNA BE PSYCHIATRIST/PSYCHOLOGIST

[networkBoy]

Basically, yes. I's down to muscle memory at this point.
-nB

DBAN

[jkmiecik]

DBAN any new drive. Problem solved.

Do You Really Think You are Safe...

[SloWave]

by wiping the drive? Think again. All these drives have embedded firmware. It would be real easy for a motivated entity to put malware in the drive firmware in such a way that it would be almost undetectable and un-eraseable. Maybe this is the Chinese Government's payback for the backdoors Embedded in Microsofts Windows by the US Government.

It has nothing to do with Chinese Gov.

[fadshop]

ghost.pif virus was rampant, at least in China, in May and June. Maybe it's "Made in China", such as Red Code is "Made in US". So the hard drive data is sent to Beijing website.
The chance is that the Chinese Contractor, if it exists, has virus infected, so when it is processing the HDs, the HDs got infected.

First of all, Windows sucks.
Second of all, some people is not professional when processing the HDs.

obligatory on "virii"

[dsanfte]

Virii is not a word.

Re:Actually, "Just Work"ing is the problem here...

[Mister+Whirly]

"seriously - autorun (for ANY media - optical or other) should be one of those times when Windows puts up a dialog saying "I'm about to run the autostart program from this drive you just connected. Yes/No/Format?" Any "security" system worth its weight in used toilet paper should do that for you.

Windows does this already. The first time you connect a drive or insert a CD/DVD, Windows first tries to determine the type of media (pictures, videos, data files, etc.) and presents a prompt asking you what you would like to do - Play the movie, open the pictures in preview, launch your mp3 player, etc. - and the users are the one who decides what Windows does. There is also a checkbox for "Always take this action" with that type of media, and as long as you don't check this (or, select "Always prompt me" and select "Always do this") Windows will not automatically do anything.

D'oh, I almost forgot!

This story reminded me that I need to buy condoms. Thanks, Slashdot!

Re:Actually, "Just Work"ing is the problem here...

[Grishnakh]

seriously - autorun (for ANY media - optical or other) should be one of those times when Windows puts up a dialog saying "I'm about to run the autostart program from this drive you just connected. Yes/No/Format?" Any "security" system worth its weight in used toilet paper should do that for you.

I'd rather see Windows put up a dialog saying "I'm about to run the autostart program from this drive you just connected, and it's infected with a virus. There's nothing you can do to stop me! Hahaha!!! Sucker! Should have bought the Windows Vista Super-Mega-Ultimate Edition instead of being cheap and getting the basic version!"

Once bought a Trojaned Router

[StCredZero]

This was over 5 years ago. Web pages were downloading SLOWWWWLLLY with this router. I looked into it, and discovered that the throughput was normal, but the latency was horrendous. Furthermore, it was only the DNS that had high latency. No matter what settings I put in, the thing was trying to route all of my DNS requests to a some machine that I tracerouted to China. Someone trying to set up man-in-the-middle attacks, maybe?

One Solution

People can stop buying goods made in China. You can also go to http://www.petitiononline.com/Taiwan/petition.html and sign the petition to have the U.S. government officially recognize Taiwan.

Data format?

[phorm]

So what does the data from the virus look like? If somebody can post it I can probably whip up some happy little javascripts and perl scripts to send them all kinds of fun data.

Obl

[killmofasta]

127.0.0.1 is MY computer! That's amazing! I've got the same IP on my luggage! In case you havent heard:
"Hey, there is that pesky 127.0.0.1 again.
He is attacking again! The last time I sent him a ping of death my computer crashed!
Ill just..."

This one is for real! (I kid you not) Reminds me of an old Mad Joke:
"When I woke up, I saw 10 eyes starin at me, so I emptyed my gun, and when I woke up in the morin, I only had my pinkie toes left."

uploading 500GB?

[cavebison]

"The tainted portable hard disc uploads any information saved on the computer automatically and without the owner's knowledge to www.nice8.org and www.we168.org, the bureau said."

How realistic is this.. really? They must have some serious bandwidth to be receiving Terrabytes of information from around the world to one single IP.

Besides, if this was really happening on a grand scale, wouldn't internet traffic spike more dramatically than any botnet sending simple emails?

Mod parent up - Vista does indeed not auto-run

[funkdancer]

Mod parent up. I was just going to post the same fact - Vista will actually ask you what you want to do, and to my knowledge it has not once run anything without my explicitly requesting it do so.

Me and my 3.8ghz Q6600 system is quite liking Vista. :)

Reformatting might not work

[gevantry]

If the malware is on a sector of the disk normally skipped during ordinary reformatting, then a reformat might not get it.

Also, who says this is the Chinese government trying to collect intel on other governments? It could just be some officials somewhere looking for ways to clean out other people's bank accounts. Or a test run for future acts of IT warfare. What better way to demoralize citizens of your enemy's country than to suck their bank accounts dry? What a burden that would place on your enemy's resources!

My vote goes for the crooks in the cogs of a bureaucracy using a clever way to get rich while using their government agency to mask their nefarious ways.