Slashdot Mirror


Major Australian Retailer Accused of Selling Infected Hard Drives

skegg writes "Dick Smith, a major Australian electronics retailer, is being accused of regularly selling used hard drives as new. Particularly disturbing is the claim that at least one drive contained malware-infested pirated movies, causing the unlucky buyer significant data loss. Apparently the Fair Trading Commissioner will be conducting an investigation."

12 of 128 comments

  1. Standard Practice by acehole · · Score: 5, Interesting

    Seems standard practice with a lot of stores. Someone takes something back because they don't want or need it for whatever reason, the shop will just shrinkwrap it up again and the next buyer is none the wiser. I'm surprised that it hasn't happened sooner.

    On another note, so how exactly can a video file (pirated movie or not) be 'malware infested'?

    --
    Be you Admins? nay, we are but lusers!
    1. Re:Standard Practice by hairyfeet · · Score: 4, Interesting

      Basically any file type that can have a link to a webpage embedded (I believe both .MPG and .WMV are capable of this) and a player that will launch the link without asking; WMP 9 was, I believe, the last WMP that would launch a weblink without asking, but I'm sure there were others. Basically how it works is like this: you try to play the infected video, the video launches the default browser to the embedded website, and then if the browser is unpatched or has any known vulnerabilities you get hit with a drive-by. I used to see this trick often here at the shop in the era of FastTrack and LimeWire; people would look for the latest blockbuster and not think about formatting and get screwed.

      As for TFA? Frankly don't surprise me as I've seen the same thing from Best Buy in my area which just reshrinkwraps returned items and will just put them back on the shelf. Funny part is I found out when a local preacher went there and bought an external drive and when first plugged into Windows it asked if he wanted it to play the videos. Well the old guy thought it must be some "Welcome to your new drive" kind of thing and launched it only to be looking at a gangbang vid. Needless to say he freaked and brought it to me thinking his PC must have been hacked!

      Frankly anything these big box retailers do anymore really doesn't surprise me which is why I tell folks to ask around and see if the people that have bought from them before were happy. I'm happy to point any potential customers towards previous customers if they want to ask, because I'm proud of my work, but I've seen some of these places...wow is all I got to say. Hell I know so many horror stories from some of these places it ain't even funny, parts ending up "missing" from the PC when they took it to get cleaned, a PC going in for an OS upgrade only to come out with a cheaper graphics card than what it went in with, and stolen RAM is practically SOP in some places. Finally just like in TFA I've seen parts so obviously used sold to customers as new, hell some they didn't even bother blowing dust out the fan or like with the preacher even emptying the drive first.

      So I hope they get seriously busted for this and get hit with MASSIVE fines, otherwise they'll just consider it the cost of doing business and continue. I just couldn't do it myself, I take pride in the things I sell and build and try to get the customer the best deal I can. If something is used I tell them upfront and tell them the price difference and let them decide. Of course all drives going through my place are wiped first!

      --
      ACs don't waste your time replying, your posts are never seen by me.
    2. Re:Standard Practice by KXeron · · Score: 5, Informative

      The parent couldn't be more correct.

      People discount regular data files as being malicious simply because they're not labelled executables. What they don't think is that those files are opened by executables. These executables are often trusted programs which makes this an even bigger threat to a system as the malicious code can run hidden under the legitimate process and do its work. There's anything from buffer overruns to file parsing mistakes in the programs that can open them up to become a conduit for abuse.

      An example of this is Adobe Reader's countless exploits with the PDF file format.

    3. Re:Standard Practice by KXeron · · Score: 4, Informative

      This is an incorrect assertion, an assertion my previous post debunked, but I suppose I'll re-explain:

      You could have a drive full of PDFs, you could have it full of PNGs, whatever file format you'd like. You could mount the drive as noexec, however when it comes down to it, a trusted program (NOT ON THAT DRIVE) can interact with those files and since file formats can be complex AND since the programs opening them are also complex, there's a chance that the program will be vulnerable to a crafted file that tricks the program to do something that a "regular movie" or whatever wouldn't do and may not have been tested for.

      If you've written a file parser of any kind, you'll see how complicated it gets in having your program code check the file for abnormalities before interacting with it. This complexity is a steep curve and all it takes is not checking an array boundary for your program to mistakenly leak data memory into its executable memory space.

      The old adage plays correct here: Never trust user inputs.
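
The boundary checks described in the comment above, as an added example that is not part of the thread: a C parser for a made-up chunk format that validates every declared length against both the bytes actually present and the destination buffer before copying. The format, `parse_media`, `struct media_info` and the sample bytes are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TITLE_MAX 32
struct media_info {
    char   title[TITLE_MAX + 1]; /* NUL-terminated copy of the "TITL" chunk */
    size_t chunks;               /* number of well-formed chunks seen */
};

/* Read a 32-bit big-endian integer; caller guarantees 4 readable bytes. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Parse [4-byte tag][4-byte big-endian length][payload] records
 * (hypothetical format). Returns 0 on success, -1 on the first bad record. */
int parse_media(const uint8_t *buf, size_t len, struct media_info *out) {
    size_t pos = 0;
    memset(out, 0, sizeof *out);
    while (pos < len) {
        if (len - pos < 8)             /* truncated header */
            return -1;
        uint32_t clen = be32(buf + pos + 4);
        size_t avail = len - pos - 8;  /* bytes really present after header */
        if (clen > avail)              /* length field claims more than exists */
            return -1;
        if (memcmp(buf + pos, "TITL", 4) == 0) {
            if (clen > TITLE_MAX)      /* would overflow out->title */
                return -1;
            memcpy(out->title, buf + pos + 8, clen);
            out->title[clen] = '\0';
        }
        pos += 8 + (size_t)clen;       /* cannot pass len: clen <= avail */
        out->chunks++;
    }
    return 0;
}

/* Constructed samples: a valid file, and one whose length field lies. */
static const uint8_t good_file[] = { 'T','I','T','L', 0,0,0,5, 'M','o','v','i','e',
                                     'D','A','T','A', 0,0,0,2, 0xAA, 0xBB };
static const uint8_t lying_len[] = { 'T','I','T','L', 0xFF,0xFF,0xFF,0xF0, 'M','o' };

int main(void) {
    struct media_info mi;
    return !(parse_media(good_file, sizeof good_file, &mi) == 0 &&
             parse_media(lying_len, sizeof lying_len, &mi) == -1);
}
```

Comparing `clen` against `avail` rather than testing `pos + 8 + clen <= len` keeps the check itself free of integer overflow when the length field is close to `UINT32_MAX`.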

  2. Nothing new by StefanWiesendanger · · Score: 5, Interesting

    I once bought various "new" components from a shop here in Switzerland and after assembling my PC, I was surprised that it booted up with Windows without me installing anything yet... it even contained some PGP keys of the company who bought the disks before me and returned them (and yes, of course I got in contact with them and told them). Well, it had the nice effect for me that in the end I got all the components for free ;-)

  3. Re:What? by Penguinshit · · Score: 4, Informative

    The summary is wrong. The article says that the drive "was filled with pirated movies and which, he suspects, contained malware that corrupted his work."

    He is embellishing for the media or trying to claim the dog ate his homework (or dingo ate his baby?).

  4. Re:What? by Gavin+Rogers · · Score: 5, Interesting

    Selling used stuff as new aside for a second

    Umm. No.

    The media blowup is being fuelled by "I bought a hard disk and it had hard core porn on it!" sensationalism but seem to be ignoring this deeper issue -
    Dick Smith Electronics, Harvey Norman, JB-HiFi and the rest have been getting away with it for years but the fact is selling used goods (no matter how good a condition it's in) as new is illegal.

    They can ask the same price for it if the return is in great condition but they can't just seal it back up and pop it back on the shelf next to the new unopened boxes.

  5. Re:Dick Smith by scdeimos · · Score: 4, Informative

    Actually, Dick Smith is a great guy. Dick Smith Electronics on the other hand has been owned by Woolworths for over 20 years now and is useless compared to its former glory.

  6. DSE = Radio Shack by ukoda · · Score: 5, Interesting

    For those who don't live in Australia or New Zealand, DSE is like Radio Shack but has suffered a worse decline into just another appliance store. Like Radio Shack, DSE used to sell electronic components to the general public, and like Radio Shack they have shifted focus to selling appliances. The biggest difference is that if you spend long enough looking it is still possible to find and purchase a resistor at Radio Shack, but at DSE you can't anymore. While the staff at DSE are nice enough people they are low paid drones who often would not think of issues such as formatting returned media. While there may be a company policy on the issue it is probably just one of dozens the staff are meant to follow but, as minimum wage workers, may forget or ignore.

  7. As a former employee... by Anonymous Coward · · Score: 5, Insightful

    ...this kind of thing was prevalent throughout the company. We would frequently be expected to sell used and returned stock without being given any real freedom in regards to marking it down. This led to a culture of lying to customers, especially in cases where it was not evident that the stock had been used.

    Of course, used stock would be sold as new to customers all the time.

    It even extended to returns on products that were in sealed packaging; despite having a clearly posted 14 day no questions asked refund policy, we would be expected to tell customers that we wouldn't provide a refund, even if it was something that wasn't functioning as the customer expected (although within manufacturer's specs).

  8. Re:14 days return by syousef · · Score: 4, Informative

    I don't know how it is in Australia, but around here, you can return anything you bought online within 14 days and get your money back (as long as you can actually return it as you got it, so food/software etc usually not included).
    What do people expect happens to stuff that gets returned? Of course it goes on sale again. Otherwise selling online would be economic suicide...

    In Australia it is illegal to re-sell used returned goods as new. The goods can be re-sold but must clearly be marked as returned items, and usually a discount is offered for accepting the goods in this condition. (The discount might not be offered if the item is in high demand).

    What's more, if goods have been returned and the item registered or activated online or similar, they are not supposed to sell the item. That is the secondary reason that computer software isn't returnable at most stores (though there are exceptions like EB games).

    --
    These posts express my own personal views, not those of my employer
  9. Had this happen to me by lucidlyTwisted · · Score: 5, Interesting

    Well, a friend. Their HDD had died and they asked me what to do. "Buy a new one" says I. Turns out they had no back-ups of pictures etc, so I offered to try a recovery (no promises and I warned them everything could be lost). Anyhoo, the recovery worked with the failed HDD working as a slave to the new one. I picks up loads of deleted pictures and felt rather chuffed with my little self.

    "You seems to have made loads of friends on that Egypt trip." I say.
    "Never been to Egypt." they reply.

    It takes 5 seconds for me to twig that donkey-boy here had done the recovery on the wrong HDD and more stuff was still being found. School reports, banking spreadsheets, tonnes of stuff. Not really what one expects to find on a "new" HDD. Once I had the pictures recovered from the correct drive (and backed-up) my friend took the "new" HDD back to the shop for a bit of a word.

    Selling hooky equipment to a police officer? Not one of the storekeeper's greatest ideas. And for the previous owner, there was enough information on there for someone to do them serious ill. Luckily for them, my friend made the storekeeper physically destroy the drive (and got a full refund).

    There's no issue with selling 2nd hand kit, just advertise it as such and make sure it's properly wiped first.