Slashdot Mirror

← Back to Stories (view on slashdot.org)

Trojan Found In New HDs Sold In Taiwan

Posted by kdawson on from the bourne-again dept.

GSGKT writes "About 1,800 brand new 300-GB or 500-GB external hard drives made for Maxtor in Thailand were found to have trojan horse malwares pre-installed (autorun.inf and ghost.pif). When the HD is in use, these forward information on the disk to two websites in Beijing, China: www.nice8.org or www.we168.org. The article implies that authorities believe the Chinese government is behind the trojans. A later article pins down the point of infection to a subcontractor company in China. A couple of months back the Register was reporting on pre-installed malware detected on Maxtor disks sold in the Netherlands. This earlier report was downplayed by a Seagate spokesman." The more recent Taipei Times article says that Seagate admits the problem on its Web site, but a search there turns up nothing.

22 of 344 comments (clear)

  1. Same by renegadesx · · Score: 5, Interesting

    Lead in paint, malware in HD's same thing really

    --
    Make SELinux enforcing again!
  2. First off... by explosivejared · · Score: 5, Funny

    Anyone who doesn't wipe a new drive first off is just begging for this sort of thing. Secondly, I guess it's a new competition for Chinese manufacturers to see what's the worst secret addition to a product sent overseas. Lead in toys, GHB in toys, phone-homes on HDD's... what's next killer bees in new TV's... really. Consumerism bites!!

    --
    I got a catholic block.
    1. Re:First off... by Anonymous Coward · · Score: 4, Funny

      >I'm not sure how Windows actually handles "mounting" behind the scenes

      Simple. You install Windows, and feel as if you were being mounted by Ball-mer. With a chair.

    2. Re:First off... by colfer · · Score: 5, Informative

      Overriding autorun can be done in the registry, so you don't have to remember to hold down the shift key. Does it work for USB hard drives? Probably. These are the notes I have.

      Works for USB drives and CD-ROMS.
      [2007/10, from:
      http://www.mydigitallife.info/2006/09/11/disable-auto-run-and-auto-play-of-u3-smart-drives-launchpad/%5D

            1. Click Start -> Run.
            2. Type RegEdit in the Open text box, then press ENTER.
            3. In the Registry Editor, locate and click the following registry key:

                  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDRom
            4. Modify the value of the Autorun to 0 (zero) so that CD-ROMs and Audio CDs do not run and start automatically when inserted.
            5. Next navigate to the following registry subkey:

                  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
            6. Modify the value of the NoDriveTypeAutoRun entry to 0xb5 value to turn off the AutoRun feature for CD-ROMs by right-click NoDriveTypeAutoRun and then click Modify to type B5 in the Value data box. Select Hexadecimal, and then click OK.
            7. Quit Registry Editor.
            8. Restart your computer.

    3. Re:First off... by timeOday · · Score: 5, Funny

      Sssh! The shift key is a copy-protection circumvention measure of questionable legality!

  3. It's a bargain! by techmuse · · Score: 5, Funny

    Most PCs ship without professionally produced malware installed. While everyone might *wish* that their PC came with such software, only a small percentage of customers are actually lucky enough to get their malware free of charge. Mac users, don't feel bad that your system won't come with it. You get iLife. :-)

  4. Thank goodness for Chinese manufacturing by JewGold · · Score: 4, Interesting

    I mean, so what if there's a trojan that steals my identity and turns my computer into a botnet node? So what the materials it's comprised of let off poisons that will kill me and my whole family? I saved $6 on this baby!

    --
    Is this a news report or a trailer for a motion picture?
  5. Can't trust hardware anymore? by compumike · · Score: 4, Insightful

    While the open source movement has done a great deal toward making software understandable, at some point, people have to trust their computers. However, this used to be a great deal easier, because engineers had a good idea of what could be done with a particular amount of circuitry.

    The increasing level of integration means that hardware is more and more of a black box. While this has led to huge savings in cost and performance boosts, we've paid for it by being unable to debug the hardware, and unsure of what's really going on inside.

    While the case in the article talks specifically about a trojan horse installed normally on the drive -- and thus something that should have been remedied by a good formatting job -- who knows what could happen once we have vulnerabilities embedded directly into the hardware. One could certainly imagine a trojan that was hard-coded in the firmward and kept moving itself around the disc after attempts to delete it.

    It's also seems fishy that much sensitive information (of relevance to a foreign government) could be obtained from randomly putting trojans on hard drives... Isn't it possible that this was an unintentional infection from some disk-handling or testing machine along the line?

    --
    Educational microcontroller kits for the digital generation.

  6. Obilgitory HOSTS comment: by killmofasta · · Score: 5, Informative

    Please add to your host files:
    127.0.0.1 www.nice8.org
    127.0.0.1 www.we168.org

    1. Re:Obilgitory HOSTS comment: by lordofthechia · · Score: 5, Funny

      Why not take some initiative.You can block the sites, or you can send them what they want! DATA! Send them lots of data, format it like it was sent with the virus and have fun coming up with a random assortment of websites to include in it (sure we could thing of a couple).

      So why ignore when you can use up their bandwidth and screw up their database. Just an idea.

      --
      Georgia Tech, the leader in Chia(tm) technology.
  7. Re:Not a trojan by Megane · · Score: 5, Insightful

    A trojan is software that convinces the user to install it by looking like something else that the user might want to install.

    Something else like a... hard disk?

    --
    #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
  8. It could be worse by Tribbin · · Score: 5, Funny

    I once bought a computer with Windows preinstalled.

    --
    If you mod this up, your slashdot background will turn into a beautiful sunset!
  9. Comment removed by account_deleted · · Score: 4, Informative

    Comment removed based on user account deletion

  10. Just more proof that autorun is insanely stupid by 0123456 · · Score: 4, Insightful

    Why oh why does Microsoft still automatically run software off any disk that's inserted into your PC? Surely decades of floppy-carried virii should have convinced them of what a frigging stupid idea that is?

  11. Re:It's times like this... by ozmanjusri · · Score: 4, Funny
    I'm equally safe

    Only if you disabled NTLDR as well....

    --
    "I've got more toys than Teruhisa Kitahara."
  12. that said.. by QuantumG · · Score: 4, Interesting

    Try putting this in your autorun.inf:

    [autorun]
    shell\silly=You're silly
    shell\silly\command=calc.exe
    shell=silly

    now remove and reinsert the USB device. Hmm.. nothing happens.. how strange. Go to My Computer and double click on I: (or whatever your drive is mapped to) and what happens? Yeah, calc.exe is run. Thanks Microsoft.

    You may now flame away.

    --
    How we know is more important than what we know.
  13. Oh, malware... by Anonymous Coward · · Score: 5, Funny

    By "Trojans Found In New HDs Sold In Taiwan", I thought they meant condoms.

    (OK, who's the comedian? My catchpas is "durable".)

    1. Re:Oh, malware... by SeaFox · · Score: 5, Funny

      By "Trojans Found In New HDs Sold In Taiwan", I thought they meant condoms.

      That would suck. Imagine hundreds of geeks getting a box in the mail from NewEgg filled with a product you have no use for.
  14. Re:Not a trojan by tftp · · Score: 4, Interesting
    A hard disk is mostly... hardware. There's a little software in it, even in a good, uninfected unit

    Two cases here. First, you got an external USB HDD. It often contains lots of software. I have a Seagate USB/FireWire HDD, it comes with FreeAgent backup and configuration software. I bought the software with the HDD unit, they are one set. I would be an idiot if I format the HDD first.

    Another case is when you get an internal HDD that is supposed to be unformatted. But you don't know if it is or isn't - not before you install it into your Windows box and power it up. If the HDD is blank, as it should be, then you need to format it, and all is well. However if it is already formatted for you and contains something, Windows has no way of knowing why it is so, and it will treat it as any other removable drive - namely, will read the autorun.inf and proceed running all the viruses in the world that the drive may contain, all that before you even realize that something is wrong.

    In either case, if your antivirus finished loading by this time it may save you, if it is good enough. But I recall some recent review that claimed that a typical antivirus fails to catch as many as half of the viruses.

  15. Re:Nope by LurkerXXX · · Score: 5, Informative

    3rd party tools? Who needs 3rd party tools?

    gpedit.msc

    It's a windows GUI tool.

    Computer Configuration > Click "Administrative Templates" > Click "System" > Double-Click "Turn off Autoplay", set it for "All Drives" and click the "apply" button.

  16. It's bad beyond a joke - so time for one by dbIII · · Score: 4, Funny

    I accidentally found some manufactured in the USA elsewhere in a "professional tools" section

    In Australia we get a lot of professional tools from the USA. They end up managing telecommunications and other technology companies. I ask you citizens of the United States for the good of the reputation of your country to keep those managers who are complete tools within your borders, cut off their cocaine supply and put them to work sweeping floors somewhere where they can not do much damage with their remaining brain cells.

  17. Troll Alert... by Belial6 · · Score: 5, Insightful

    [Troll]
    That's the problem with Windows. It doesn't Just Work(tm). You have to know these cryptic menus to edit databases just to keep your new USB drive from running whatever application happens to be on it. Maybe one day Microsoft could start doing some real usability testing and get Windows to be as easy for a new user as Linux.
    [/Troll]