Slashdot Mirror


Trojan Found In New HDs Sold In Taiwan

GSGKT writes "About 1,800 brand new 300-GB or 500-GB external hard drives made for Maxtor in Thailand were found to have trojan horse malware pre-installed (autorun.inf and ghost.pif). When the HD is in use, these forward information on the disk to two websites in Beijing, China: www.nice8.org or www.we168.org. The article implies that authorities believe the Chinese government is behind the trojans. A later article pins down the point of infection to a subcontractor company in China. A couple of months back the Register was reporting on pre-installed malware detected on Maxtor disks sold in the Netherlands. This earlier report was downplayed by a Seagate spokesman." The more recent Taipei Times article says that Seagate admits the problem on its Web site, but a search there turns up nothing.
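As an added illustration (not part of the original story or of any vendor tooling), the following Python sketch shows how a new drive's root directory can be checked for the autorun.inf launcher pattern described above before the drive is opened on a Windows machine. The function names and the extension list are assumptions made for this example, and it only inspects the volume root.

```python
import os
import sys

LAUNCH_KEYS = ("open", "shellexecute")  # [autorun] keys that start a program
RISKY_EXTS = {".pif", ".exe", ".com", ".scr", ".bat", ".cmd", ".vbs", ".lnk"}  # assumed list


def parse_autorun(text):
    """Return (key, command) pairs from the [autorun] section that launch a program."""
    launches, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                launches.append((key, value))
    return launches  # comments and padding lines without '=' are skipped


def first_token(command):
    """Program part of a command line, honouring a leading quoted path."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0] if command else ""


def inspect_volume(root):
    """List what autorun.inf in the volume root would launch; [] if there is none."""
    names = {n.lower(): n for n in os.listdir(root)}  # FAT/NTFS names are case-insensitive
    if "autorun.inf" not in names:
        return []
    with open(os.path.join(root, names["autorun.inf"]), "rb") as fh:
        data = fh.read()
    utf16 = data[:2] in (b"\xff\xfe", b"\xfe\xff")  # BOM-marked UTF-16 file
    text = data.decode("utf-16" if utf16 else "latin-1", "replace")
    findings = []
    for key, command in parse_autorun(text):
        target = first_token(command).replace("\\", "/").split("/")[-1]
        findings.append({
            "key": key,
            "target": target,
            "in_root": target.lower() in names,  # file of that name sits in the root
            "risky_ext": os.path.splitext(target)[1].lower() in RISKY_EXTS,
        })
    return findings


if __name__ == "__main__":
    for finding in inspect_volume(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```

Pass the mount point of the drive as the only argument; any finding with `risky_ext` set is a reason to wipe the drive before use.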

21 of 344 comments

  1. First off... by explosivejared · · Score: 5, Funny

    Anyone who doesn't wipe a new drive first off is just begging for this sort of thing. Secondly, I guess it's a new competition for Chinese manufacturers to see what's the worst secret addition to a product sent overseas. Lead in toys, GHB in toys, phone-homes on HDDs... what's next, killer bees in new TVs... really. Consumerism bites!!

    --
    I got a catholic block.
    1. Re:First off... by MrAndrews · · Score: 2, Funny

      Exactly! The TFA has a definite agenda... in reality, this is a competitive move by Maxtor. You have to do extraordinary things to stand out in this global economy.

    2. Re:First off... by uncoveror · · Score: 2, Funny

      When I read that these drives were originally for government agencies, I suspected it might be Monkeypoo... VIRUS WARNING: Attention: Computer Labs Inc., makers of Virucide antivirus software, have identified a highly dangerous new Trojan worm, MONKEYPOO. It will usually appear in an e-mail with the subject, "Congratulations. You have won!" It will then prompt you to click a link to collect your cash prize. It can also freely spread across networks. Monkeypoo will read your address book, and mail a copy of itself to every address it finds, and it will look like you sent it. It will then invoke the secret self-destruct command held over from the original IBM PC's 8086 command set. This short line of code will cause the processor, ram, hard drive and any floppy drives to spin out of control and overheat until key components melt together, and will most likely cause a fire. James Winklee, a former IBM programmer, had this to say. "We developed the self-destruct code so government agencies such as the FBI and CIA could quickly and completely destroy compromised computer systems before an enemy could get their hands on classified information. When we saw how violently a PC executing the command burst into flames, we decided not to publish its existence. It has been kept a secret successfully until now. If you get infected with the Monkeypoo Trojan worm, you may notice your computer going completely haywire. Physically unplug it from power as fast as you can, and send it in for repair. Only a professional can remove this one." While Computer Labs Inc and other antivirus software makers are working on a solution, they haven't got one a home user could successfully run yet. "This is the worst kind of malicious code I have ever seen." said Marcus Polan of Computer Labs Inc. Use extreme caution. It is important that as many computer users as possible receive this warning, so send it out to as many people as you can. The entire Internet and every PC connected to it is at risk.

      --
      The Uncoveror: It's the real news.
    3. Re:First off... by Anonymous Coward · · Score: 4, Funny

      >I'm not sure how Windows actually handles "mounting" behind the scenes

      Simple. You install Windows, and feel as if you were being mounted by Ball-mer. With a chair.

    4. Re:First off... by dotgain · · Score: 3, Funny
      Or in my case, it tries to assign a drive letter, fails because there's already a drive using that letter, and says:

      24 Volumes ought to be enough for anybody. Bet you never thought you'd run out of drive letters, huh?
    5. Re:First off... by timeOday · · Score: 5, Funny

      Sssh! The shift key is a copy-protection circumvention measure of questionable legality!

  2. It's a bargain! by techmuse · · Score: 5, Funny

    Most PCs ship without professionally produced malware installed. While everyone might *wish* that their PC came with such software, only a small percentage of customers are actually lucky enough to get their malware free of charge. Mac users, don't feel bad that your system won't come with it. You get iLife. :-)

  3. Re:Obligatory HOSTS comment: by lordofthechia · · Score: 5, Funny

    Why not take some initiative? You can block the sites, or you can send them what they want! DATA! Send them lots of data, format it like it was sent with the virus and have fun coming up with a random assortment of websites to include in it (sure we could think of a couple).

    So why ignore when you can use up their bandwidth and screw up their database. Just an idea.

    --
    Georgia Tech, the leader in Chia(tm) technology.
  4. Re:Not a trojan by Waffle+Iron · · Score: 2, Funny
    Computer <-> Troy

    SATA connector <-> City gate

    Disk drive <-> Big wooden horse

    Autorun file <-> Greek soldiers

  5. It could be worse by Tribbin · · Score: 5, Funny

    I once bought a computer with Windows preinstalled.

    --
    If you mod this up, your slashdot background will turn into a beautiful sunset!
  6. It was meant to benefit the customer by edwardpickman · · Score: 3, Funny

    They figured it was a time saving feature that would save bandwidth for the buyer having the Trojans preinstalled.

  7. Re:It's times like this... by ozmanjusri · · Score: 4, Funny
    I'm equally safe

    Only if you disabled NTLDR as well....

    --
    "I've got more toys than Teruhisa Kitahara."
  8. I think ... by PPH · · Score: 2, Funny
    ... the makers of third party malware should sue. Having OEM malware preinstalled is going to drive them out of business eventually.

    Perhaps the EU can take up their case.

    --
    Have gnu, will travel.
  9. Re:Obligatory HOSTS comment: by IgnoramusMaximus · · Score: 2, Funny

    Please add to your host files:
    127.0.0.1 www.nice8.org
    127.0.0.1 www.we168.org

    You bastard! I did and that unsavory host at 127.0.0.1 (isn't the 127.x range like the dark back-alleys of the Intertubes?) infected me with a nasty trojan, probably because it has like a million gajigabytes of completely illegal, pirated contents on it!! A veritable pirate hive, that! I hold you personally responsible for directing us, pure, innocent Slashdotters to it!

  10. Oh, malware... by Anonymous Coward · · Score: 5, Funny

    By "Trojans Found In New HDs Sold In Taiwan", I thought they meant condoms.

    (OK, who's the comedian? My captcha is "durable".)

    1. Re:Oh, malware... by SeaFox · · Score: 5, Funny

      By "Trojans Found In New HDs Sold In Taiwan", I thought they meant condoms.

      That would suck. Imagine hundreds of geeks getting a box in the mail from NewEgg filled with a product you have no use for.
  11. Re:Liar! by Wingnut64 · · Score: 2, Funny

    127.0.0.1 is MY computer! That's amazing! I've got the same IP on my luggage!
    --
    echo 'Header append X-HD-DVD "0x09f911029d74e35bd84156c5635688c0"' >> /etc/apache2/httpd.conf
  12. It's bad beyond a joke - so time for one by dbIII · · Score: 4, Funny

    I accidentally found some manufactured in the USA elsewhere in a "professional tools" section

    In Australia we get a lot of professional tools from the USA. They end up managing telecommunications and other technology companies. I ask you citizens of the United States for the good of the reputation of your country to keep those managers who are complete tools within your borders, cut off their cocaine supply and put them to work sweeping floors somewhere where they can not do much damage with their remaining brain cells.

  13. Threadjack: WTF? by Corwn+of+Amber · · Score: 3, Funny

    autorun.inf and ghost.pif, yeah, right. Who still uses Windows, AND has autorun enabled?
    Answer: Everyone. Even geeks give up configuring Windows to that point after one hundred reinstalls. Or they give up on Windows already... Okay, "who does not reformat new HDs before use?"

    Who buys Maxtor HDs anyway? Never had one that even lasted till the end of warranty, used 8 of those in under two years. And there are not enough hours in one year to make up for the order of magnitude between announced and effective MTBF. (168*52 = way less than "tens of thousands of hours".)

    Not that I excuse them for dataraping their customers. The exec that ordered that should be put to a very slow and painful death. With the Maxtor engineering team. (If there even IS one.)

    --
    Making laws based on opinions that stem up from false informations leads to witch hunts.
  14. Re:LISTEN UP WANNA BE PSYCHIATRIST/PSYCHOLOGIST by networkBoy · · Score: 1, Funny

    No, he's right, I'm a closet narcissist. This is my one release in life, to sign my /. posts. I must do it, for if I didn't my heart would explode in an atomic blast unrivaled since the dawn of man. Remember Tunguska? That was when I only had a chance to partially sign a post. You don't want that to happen again do you?

    Here's to saving the world ;-)
    -nB

    --
    whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
  15. Re:Technet says 0xff not 0xb5 by Just+Some+Guy · · Score: 2, Funny

    MSS: (NoDriveTypeAutoRun) Disable Autorun for all drives (recommended) DWORD 0xFF

    On behalf of every Linux user that's ever had to listen to Windows users making fun of /etc: <nelson>Ha-ha!</nelson>

    --
    Dewey, what part of this looks like authorities should be involved?