Trojan Found In New HDs Sold In Taiwan
GSGKT writes "About 1,800 brand new 300-GB or 500-GB external hard drives made for Maxtor in Thailand were found to have trojan horse malware pre-installed (autorun.inf and ghost.pif). When the HD is in use, these forward information on the disk to two websites in Beijing, China: www.nice8.org or www.we168.org. The article implies that authorities believe the Chinese government is behind the trojans. A later article pins down the point of infection to a subcontractor company in China. A couple of months back the Register was reporting on pre-installed malware detected on Maxtor disks sold in the Netherlands. This earlier report was downplayed by a Seagate spokesman." The more recent Taipei Times article says that Seagate admits the problem on its Web site, but a search there turns up nothing.
Lead in paint, malware in HD's same thing really
Make SELinux enforcing again!
Anyone who doesn't wipe a new drive first off is just begging for this sort of thing. Secondly, I guess it's a new competition for Chinese manufacturers to see what's the worst secret addition to a product sent overseas. Lead in toys, GHB in toys, phone-homes on HDD's... what's next killer bees in new TV's... really. Consumerism bites!!
I got a catholic block.
Most PCs ship without professionally produced malware installed. While everyone might *wish* that their PC came with such software, only a small percentage of customers are actually lucky enough to get their malware free of charge. Mac users, don't feel bad that your system won't come with it. You get iLife. :-)
I mean, so what if there's a trojan that steals my identity and turns my computer into a botnet node? So what if the materials it's comprised of let off poisons that will kill me and my whole family? I saved $6 on this baby!
Is this a news report or a trailer for a motion picture?
While the open source movement has done a great deal toward making software understandable, at some point, people have to trust their computers. However, this used to be a great deal easier, because engineers had a good idea of what could be done with a particular amount of circuitry.
The increasing level of integration means that hardware is more and more of a black box. While this has led to huge savings in cost and performance boosts, we've paid for it by being unable to debug the hardware, and unsure of what's really going on inside.
While the case in the article talks specifically about a trojan horse installed normally on the drive -- and thus something that should have been remedied by a good formatting job -- who knows what could happen once we have vulnerabilities embedded directly into the hardware. One could certainly imagine a trojan that was hard-coded in the firmware and kept moving itself around the disc after attempts to delete it.
It also seems fishy that much sensitive information (of relevance to a foreign government) could be obtained from randomly putting trojans on hard drives... Isn't it possible that this was an unintentional infection from some disk-handling or testing machine along the line?
--
Educational microcontroller kits for the digital generation.
By the way, it isn't a trojan. A trojan is software that convinces the user to install it by looking like something else that the user might want to install. While this may certainly qualify as malware, it isn't a trojan.
Maybe a format of the drive when it's purchased will fix it. Or because it's malware does this mean it's going to be embedded into the hardware? It goes to show that we can't even rely on our hardware now without some big "brother" sending information back.
Look Forge | Free Classifieds Buy and Sell http://www.lookforge.com/
Please add to your host files:
127.0.0.1 www.nice8.org
127.0.0.1 www.we168.org
not for external USB drives that are already pre-formatted with a FAT32 filesystem. Plug it in and go! your box is pwn3d.
NO CARRIER
And China still openly considers the USA to be an enemy. Why manufacturers subject themselves to these liabilities I'll never... Oh wait - they make more money even if they kill children with GHB overdoses, cripple their brains with lead, or export National secrets and financial data to China.
What the hell was I thinking? American businesses that outsource to China are no better than spies and traitors themselves. For all the damage they do, they might as well be.
So this is not a hoax, after all.
Autorun can definitely run exe's, that's its main purpose. That's how the installer automatically starts up when you insert a game or application CD. It's possible that the exe needs to be signed or something, but it's more likely that whatever program you were using simply "did it wrong".
Don't forget that you can also disable autorun permanently, rather than having to remember to hold shift every time you insert a disc.
Wrong, the trojan is not set to autorun, the computer is set to autorun. The trojan just contains files that means it will be autorun if the computer is set to do so. There's a difference here. I don't know how anybody ever thought that having computers automatically run executable programs without any user intervention was a good thing, but personally, I can't see how computers are still configured by default to run any drive you hook up to them.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
I once bought a computer with Windows preinstalled.
If you mod this up, your slashdot background will turn into a beautiful sunset!
Default Windows settings would run the trojan once you plugged the drive in. To avoid this you either have to hold shift for an indeterminate amount of time while plugging the drive in, which can be difficult or impossible. With such a drive you're likely to use a more inaccessible port because you likely won't be needing to unplug it much. The only other alternative is to disable autorun for removable drives. This option is not available in the standard GUI and third party tools (or TweakUI) are needed.
They figured it was a time saving feature that would save bandwidth for the buyer having the Trojans preinstalled.
Why oh why does Microsoft still automatically run software off any disk that's inserted into your PC? Surely decades of floppy-carried virii should have convinced them of what a frigging stupid idea that is?
Only if you disabled NTLDR as well....
"I've got more toys than Teruhisa Kitahara."
Perhaps the EU can take up their case.
Have gnu, will travel.
Try putting this in your autorun.inf:
[autorun]
shell\silly=You're silly
shell\silly\command=calc.exe
shell=silly
Now remove and reinsert the USB device. Hmm.. nothing happens.. how strange. Go to My Computer and double click on I: (or whatever your drive is mapped to) and what happens? Yeah, calc.exe is run. Thanks Microsoft.
You may now flame away.
How we know is more important than what we know.
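A defender's view of the autorun.inf in the comment above, as an added example that is not part of the original thread: a small Python triage parser that lists every command an autorun.inf can launch and whether it is wired to the default double-click verb. The function names and the second sample (an open= line using the ghost.pif name from the story) are constructed for illustration; the actual file from the infected drives is not shown on the page.

```python
import re

# Keys in an [autorun] section that name a program for Explorer to launch.
EXEC_KEYS = ("open", "shellexecute")
# shell\<verb>\command=<program> defines a custom Explorer verb for the drive.
VERB_CMD = re.compile(r"^shell\\([^\\]+)\\command$", re.IGNORECASE)


def parse_autorun(text):
    """Return {key: value} for the [autorun] section (keys lower-cased)."""
    section, entries = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
        elif section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def findings(text):
    """List (reason, command) pairs for every entry that can start a program."""
    entries = parse_autorun(text)
    default_verb = entries.get("shell", "").lower()  # shell=<verb> sets the default
    out = []
    for key, value in entries.items():
        if key in EXEC_KEYS:
            out.append((f"may run on insert, depending on AutoRun settings ({key}=)", value))
            continue
        m = VERB_CMD.match(key)
        if m:
            verb = m.group(1).lower()
            how = "double-click (default verb)" if verb == default_verb else "context menu"
            out.append((f"runs from {how} '{verb}'", value))
    return out


# Constructed samples: the file quoted in the comment above, and an assumed
# open= variant that reuses the ghost.pif file name from the story.
SAMPLE_VERB = "[autorun]\nshell\\silly=You're silly\nshell\\silly\\command=calc.exe\nshell=silly\n"
SAMPLE_OPEN = "[AutoRun]\n; constructed sample\nOPEN=ghost.pif\n"

if __name__ == "__main__":
    for sample in (SAMPLE_VERB, SAMPLE_OPEN):
        for reason, cmd in findings(sample):
            print(f"{cmd}: {reason}")
```

Run against the autorun.inf at the root of a new drive's volume (read as text from a system that does not honour AutoRun), any non-empty result is a reason to inspect the named file before opening the drive in Explorer.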
What happens when they put malware in the BIOS on your motherboards. How will you know? How will you get rid of it, (I know flash the BIOS, but maybe the BIOS doesn't want to be flashed.)
There's talk that the next war will be a cyberwar. I guess that's better than the other kind, but these are some of the ways to do it I'd say.
In theory, theory and practice are the same; in practice they're different. (Yogi Berra & A. Einstein)
The article doesn't state it but this seems to be the worm W32.Drom. Symantec rates the threat as Very Low with 0-49 total infections. Take that with however many grains of salt you wish.
By "Trojans Found In New HDs Sold In Taiwan", I thought they meant condoms.
(OK, who's the comedian? My captcha is "durable".)
Why would the Chinese government do something so obvious? And the drives were sold in Taiwan? Given the relationship between the Chinese and the Taiwanese... it seems more like this was _meant_ to be found in order to destabilize the Taiwan economy more than to do any sort of real information gathering... if the Chinese government wanted to gather information I'm sure they could and would be far more covert than this... and compared to the other systems they surely have in place this is nothing.....
This is not as simple as it seems I think but instead is meant to be discovered in order to produce reactions similar to many of the posts I have read so far
Just a guess tho, but there's more going on here than is in this story
a) sloppy manufacturing picks up loose malware
b) deliberate infection by teenage haxor, perhaps for prestige, perhaps for cash
c) deliberate, by botnet agent
d) deliberate, by government agent
e) deliberate, by aliens, illuminati, JFK, and cmdr taco
Found for sale only in Taiwan so far / aimed at Taiwan? Only 1800 drives reported infected, 300 sold. Infection reported to be found initially by consumers. Doesn't sound particularly sophisticated to me. My bet is on (a).
American businesses that outsource to China are no better than spies and traitors themselves.
I realize you are merely repeating a popular but false meme so please do not think I am being harsh with you personally, it's the meme that I am being harsh with.
The notion that corporations are to blame for outsourcing to China is beyond naive. We the consumers, not the corporation are to blame! We have essentially forced corporations to outsource by our consideration of virtually nothing beyond price. Business is a Darwinian process. That first corporation that experimented with outsourcing was *rewarded* by consumers rather than punished. Corporations had little choice, jump on the outsourcing bandwagon or go out of business.
If you do not like outsourcing look at the labeling on packaging. Sometimes this requires a little extra effort. I needed a set of screwdrivers and in the regular tools section everything at the local Home Depot was an import. I accidentally found some manufactured in the USA elsewhere in a "professional tools" section. Maybe it's not too late.
echo 'Header append X-HD-DVD "0x09f911029d74e35bd84156c5635688c0"' >>
In Australia we get a lot of professional tools from the USA. They end up managing telecommunications and other technology companies. I ask you citizens of the United States for the good of the reputation of your country to keep those managers who are complete tools within your borders, cut off their cocaine supply and put them to work sweeping floors somewhere where they can not do much damage with their remaining brain cells.
[Troll]
That's the problem with Windows. It doesn't Just Work(tm). You have to know these cryptic menus to edit databases just to keep your new USB drive from running whatever application happens to be on it. Maybe one day Microsoft could start doing some real usability testing and get Windows to be as easy for a new user as Linux.
[/Troll]
autorun.inf and ghost.pif, yeah, right. Who still uses windows, AND has autorun enabled?
Answer : Everyone. Even geeks give up configuring Windows to that point after one hundred reinstalls. Or they give up on Windows already... Okay, "who does not reformat new HDs before use?"
Who buys Maxtor HDs anyway? Never had one that even lasted till the end of warranty, used 8 of those in under two years. And there are not enough hours in one year to make up for the order of magnitude between announced and effective MTBF. (168*52 = way less than "tens of thousands of hours".)
Not that I excuse them for dataraping their customers. The exec that ordered that should be put to a very slow and painful death. With the Maxtor engineering team. (If there even IS one.)
Making laws based on opinions that stem from false information leads to witch hunts.
> It's a windows GUI tool.
Not for XP Home or other crippled MS products...
I think many folks in Taiwan would have an issue with this statement.
A quick history lesson. The aboriginal people of Taiwan are actually connected to the other Oceania aborigines (e.g. natives of the other islands like the Philippines, Malaysia, and Indonesia). The mainland Ming and Qing dynasties (precursors to modern China) never really considered the island as part of their "middle kingdom".
Meanwhile, the Dutch colonized the island, which they called Formosa (which is now Taiwan), to use as their base to trade with Japan. This was managed by the Dutch East India Company (Spain briefly tried to hone in on the island, but were driven out by the Dutch).
Eventually, the conflicts that led to the formation of modern China spilled over to the island. Koxinga, a Ming dynasty warlord/general/rebel (born in Japan to a mother who was Japanese and a Ming dynasty general) overthrew the Dutch on Formosa to establish a base for Ming dynasty rebels that wanted to re-take over the Qing dynasty. This event has historically been cited by the Chinese as their historic claim over the island, but it seems no more valid than the Dutch claim which is basically moot (since as we know possession is more than 9/10 of international law).
Of course the Japanese eventually defeated the Chinese in the Sino-Japanese war and the Qing ceded Taiwan to Japan as part of the Treaty of Shimonoseki. Japan basically occupied Taiwan until the end of WWII.
During the resolution of WWII and the Japanese surrender, basically, Japan was forced to give up all the territories that it gained all the way back from the end of WWI from the Republic of China which included the island of Formosa. The decision of who the territories should fall to were left up for the final Treaty of Peace with Japan which left the decision to the winners of WWII in the Pacific (basically the US, the UK and Soviet Union and the ROC).
Of course after WWII, this was all complicated as the Republic of China which was generally considered the KMT government at the time was overthrown by the People's Republic of China (Mao, etc) and the KMT government retreated and occupied Taiwan for many years claiming that they were still the KMT/ROC. That and the beginnings of the cold war power struggles led to the controversial Treaty of San Francisco which officially ended WWII in the Pacific and required that Japan cede Taiwan to one of the "winners" which, due to a complicated set of circumstances, the ROC or the PRC were never specified (since they weren't invited to be part of the treaty because of the civil war at the time there was no agreement on who the government was).
In fact with some stretching, it's possible to conclude that the Treaty of San Francisco actually leaves Taiwan as an occupied territory of the United States (sort of like Berlin was occupied by 4 powers at the end of the war in Europe).
So it's actually debatable that Taiwan is even a country and if it is, if it is actually part of China or an independent country in its own right...
Windows knows better than you do what should be done with a new drive. And if it doesn't, that's your tough schist. After all, you're not foolish enough to believe you actually own your computer once you've put Windows on it and connected to the Wild Wild Web? Your friendly global software megalomaniac "owns" it, and some pimply-faced teenager from East Slobodnia pwns it. Don't like that? Use another system....
seriously - autorun (for ANY media - optical or other) should be one of those times when Windows puts up a dialog saying "I'm about to run the autostart program from this drive you just connected. Yes/No/Format?" Any "security" system worth its weight in used toilet paper should do that for you.
"seriously - autorun (for ANY media - optical or other) should be one of those times when Windows puts up a dialog saying "I'm about to run the autostart program from this drive you just connected. Yes/No/Format?" Any "security" system worth its weight in used toilet paper should do that for you.
Windows does this already. The first time you connect a drive or insert a CD/DVD, Windows first tries to determine the type of media (pictures, videos, data files, etc.) and presents a prompt asking you what you would like to do - Play the movie, open the pictures in preview, launch your mp3 player, etc. - and the users are the one who decides what Windows does. There is also a checkbox for "Always take this action" with that type of media, and as long as you don't check this (or, select "Always prompt me" and select "Always do this") Windows will not automatically do anything.
"But this one goes to 11!"
On behalf of every Linux user that's ever had to listen to Windows users making fun of /etc: <nelson>Ha-ha!</nelson>
Dewey, what part of this looks like authorities should be involved?