Slashdot Mirror


Trojan Found In New HDs Sold In Taiwan

GSGKT writes "About 1,800 brand new 300-GB or 500-GB external hard drives made for Maxtor in Thailand were found to have trojan horse malware pre-installed (autorun.inf and ghost.pif). When the HD is in use, these forward information on the disk to two websites in Beijing, China: www.nice8.org or www.we168.org. The article implies that authorities believe the Chinese government is behind the trojans. A later article pins down the point of infection to a subcontractor company in China. A couple of months back the Register was reporting on pre-installed malware detected on Maxtor disks sold in the Netherlands. This earlier report was downplayed by a Seagate spokesman." The more recent Taipei Times article says that Seagate admits the problem on its Web site, but a search there turns up nothing.

15 of 344 comments

  1. Obligatory HOSTS comment: by killmofasta · · Score: 5, Informative

    Please add to your host files:
    127.0.0.1 www.nice8.org
    127.0.0.1 www.we168.org

  2. Comment removed by account_deleted · · Score: 3, Informative

    Comment removed based on user account deletion

  3. Seagate admits it by Camael · · Score: 3, Informative

    > The more recent Taipei Times article says that Seagate admits the problem on its Web site, but a search there turns up nothing.

    Untrue. The Seagate article can be found here: http://www.seagate.com/www/en-us/support/downloads/personal_storage/ps3200-sw/
    So this is not a hoax, after all.
    1. Re:Seagate admits it by ColdWetDog · · Score: 2, Informative

      Well that link throws a 404 error. Searching for "Trojan" on the Seagate site just gave me a couple of links to a Terms of Use agreement. I just didn't have the heart to explore that concept further.

      --
      Faster! Faster! Faster would be better!
  4. Re:How would that even work by totally+bogus+dude · · Score: 2, Informative

    Autorun can definitely run exe's, that's its main purpose. That's how the installer automatically starts up when you insert a game or application CD. It's possible that the exe needs to be signed or something, but it's more likely that whatever program you were using simply "did it wrong".

    Don't forget that you can also disable autorun permanently, rather than having to remember to hold shift every time you insert a disc.
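
The summary names autorun.inf and ghost.pif as the files found on the drives. As an added example (not part of the original thread), this sketch lists what an autorun.inf would launch so the referenced files can be examined before a volume is opened in Explorer. The sample file content and the function names are constructed for illustration.

```python
import re

# [autorun] keys that make Windows start a program from the volume.
LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_VERB = re.compile(r"^shell\\[^\\]+\\command$")

def launch_commands(inf_text):
    """Return (key, command) pairs from the [autorun] section that start a program."""
    found, in_autorun = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue                      # other section, or junk padding
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if value and (key in LAUNCH_KEYS or SHELL_VERB.match(key)):
            found.append((key, value))
    return found

def referenced_files(commands):
    """File named by each command (arguments dropped), de-duplicated in order."""
    files = []
    for _, cmd in commands:
        target = cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]
        if target and target.lower() not in [f.lower() for f in files]:
            files.append(target)
    return files

# Constructed sample; not the autorun.inf from the affected drives.
SAMPLE = r"""
[AutoRun]
open=ghost.pif
qz81 padding line with no key
shell\open\command = ghost.pif
shell\explore\command="ghost.pif" /e
icon=shell32.dll,7
[other]
open=ignored.exe
"""

if __name__ == "__main__":
    cmds = launch_commands(SAMPLE)
    for key, cmd in cmds:
        print(f"{key:24} -> {cmd}")
    print("examine:", referenced_files(cmds))
```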

  5. Nope by The+MAZZTer · · Score: 2, Informative

    Default Windows settings would run the trojan once you plugged the drive in. To avoid this you have to hold shift for an indeterminate amount of time while plugging the drive in, which can be difficult or impossible. With such a drive you're likely to use a more inaccessible port because you likely won't be needing to unplug it much. The only other alternative is to disable autorun for removable drives. This option is not available in the standard GUI and third-party tools (or TweakUI) are needed.

    1. Re:Nope by LurkerXXX · · Score: 5, Informative

      3rd party tools? Who needs 3rd party tools?

      gpedit.msc

      It's a windows GUI tool.

      Computer Configuration > Click "Administrative Templates" > Click "System" > Double-Click "Turn off Autoplay", set it for "All Drives" and click the "apply" button.

  6. Comment removed by account_deleted · · Score: 4, Informative

    Comment removed based on user account deletion

  7. More Info on the Worm by essinger · · Score: 2, Informative

    The article doesn't state it but this seems to be the worm W32.Drom. Symantec rates the threat as Very Low with 0-49 total infections. Take that with however many grains of salt you wish.

  8. Re:First off... by colfer · · Score: 5, Informative

    Overriding autorun can be done in the registry, so you don't have to remember to hold down the shift key. Does it work for USB hard drives? Probably. These are the notes I have.

    Works for USB drives and CD-ROMS.
    [2007/10, from:
    http://www.mydigitallife.info/2006/09/11/disable-auto-run-and-auto-play-of-u3-smart-drives-launchpad/]

          1. Click Start -> Run.
          2. Type RegEdit in the Open text box, then press ENTER.
          3. In the Registry Editor, locate and click the following registry key:

                HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDRom
          4. Modify the value of the Autorun to 0 (zero) so that CD-ROMs and Audio CDs do not run and start automatically when inserted.
          5. Next navigate to the following registry subkey:

                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
          6. Modify the value of the NoDriveTypeAutoRun entry to 0xb5 to turn off the AutoRun feature for CD-ROMs by right-clicking NoDriveTypeAutoRun and then clicking Modify to type B5 in the Value data box. Select Hexadecimal, and then click OK.
          7. Quit Registry Editor.
          8. Restart your computer.
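
What the 0xb5 from step 6 covers, as an added example (not part of the original comment): NoDriveTypeAutoRun is a bitmask in which a set bit turns AutoRun off for the drive type with that number as reported by GetDriveType. The `reg query` output is constructed sample input and the function names are illustrative.

```python
import re

# Bit n covers the drive type that GetDriveType reports as n.
# A set bit turns AutoRun OFF for that type.
DRIVE_TYPE_BITS = [
    (0x01, "unknown"), (0x02, "no root directory"), (0x04, "removable"),
    (0x08, "fixed"), (0x10, "network"), (0x20, "CD-ROM"),
    (0x40, "RAM disk"), (0x80, "reserved"),
]

def parse_reg_query(output):
    """Pull the DWORD out of `reg query <key> /v NoDriveTypeAutoRun` output.

    Returns None when the value is not present.
    """
    m = re.search(r"NoDriveTypeAutoRun\s+REG_DWORD\s+0x([0-9a-fA-F]+)", output)
    return int(m.group(1), 16) if m else None

def autorun_coverage(value):
    """Split the drive types into (AutoRun disabled, AutoRun still allowed)."""
    disabled = [name for bit, name in DRIVE_TYPE_BITS if value & bit]
    allowed = [name for bit, name in DRIVE_TYPE_BITS if not value & bit]
    return disabled, allowed

def audit(output):
    """One-line finding for a captured `reg query` result."""
    value = parse_reg_query(output)
    if value is None:
        return "NoDriveTypeAutoRun not set: the Windows default applies"
    _, allowed = autorun_coverage(value)
    if not allowed:
        return f"0x{value:02X}: AutoRun disabled for all drive types"
    return f"0x{value:02X}: AutoRun still allowed for: " + ", ".join(allowed)

# Constructed sample of `reg query` output after following the steps above.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0xb5
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(audit("    NoDriveTypeAutoRun    REG_DWORD    0xff"))
```

With 0xb5 the bit for fixed drives (0x08) stays clear, so a volume that Windows classifies as a fixed disk is not covered by that value; 0xFF sets every bit.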

  9. Re:First off... by networkBoy · · Score: 3, Informative

    Um... I've always found it more convenient to mount drives as a subdir in windows, doubly so if you have tons of drives.
    -nB

    --
    whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
  10. Doesn't work for XP Home by Anonymous Coward · · Score: 2, Informative

    > It's a windows GUI tool.

    Not for XP Home or other crippled MS products...

  11. Re:Troll Alert... by Jugalator · · Score: 2, Informative

    OK, then use msconfig for a built-in autostart UI, if you must. :-p

    --
    Beware: In C++, your friends can see your privates!
  12. Re:Threadjack: WTF? by Lennie · · Score: 2, Informative

    The problem is most Windows users format the disk from within Windows.

    Then the malware already automatically gets run.

    --
    New things are always on the horizon
  13. Re:Troll Alert... by ozmanjusri · · Score: 2, Informative

    > use msconfig for a built-in autostart UI,

    That won't work.

    msconfig is a diagnostic tool for disabling programs which are loaded at boot time. It has nothing to do with autoloading CDs.

    There is no built-in autostart ui. If you're scared of the registry, you can download TweakUI, but you'll still need to disable autostart on a drive-by-drive basis.

    --
    "I've got more toys than Teruhisa Kitahara."