Slashdot Mirror


Malware Infects 70% of Seagate Central NAS Drives, Earns $86,400 (softpedia.com)

An anonymous Slashdot reader writes: A new malware family has infected over 70% of all Seagate Central NAS devices connected to the Internet. The malware, named Miner-C or PhotoMiner, uses these hard-drives as an intermediary point to infect connected PCs and install software that mines for the Monero cryptocurrency... The crooks made over $86,000 from Monero mining so far.

The hard drives are easy to infect because Seagate does not allow users to delete or deactivate a certain "shared" folder when the device is exposed to the Internet. Over 5,000 Seagate Central NAS devices are currently infected.

Researchers estimate the malware is now responsible for 2.5% of all mining activity for the Monero cryptocurrency, according to the article. "The quandary is that Seagate Central owners have no way to protect their device. Turning off the remote access NAS feature can prevent the infection, but also means they lose the ability to access the device from a remote location, one of the reasons they purchased the hard drive in the first place."

  1. That's not even the worst part by damn_registrars · · Score: 3, Interesting

    The worst part of the story is that the HDD is made by Seagate and won't last more than 13 months regardless. The users think they bought a good network drive, until they go to retrieve their files and discover the drive has already bought the farm.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    1. Re: That's not even the worst part by BenJeremy · · Score: 2, Interesting

      An improved turd is still a turd. Not trusting Seagate... they once had a good reputation, then they bought Maxtor and apparently ditched all the Seagate side of the drive engineering and manufacturing in favor of Maxtor, because that was the exact moment their products went to complete shit.

      I have purchased quite a few Seagate drives in the past 6 years, and all of them are now dead - most before they were online for 3 years. The first couple I figured were flukes... and there were always decent deals on Seagate externals; but no deal is worth it, not with these crap drives.

    2. Re: That's not even the worst part by hairyfeet · · Score: 5, Interesting

      Well the rumor that was going around on the builders forums at the time (they even had lists of serials to tell the difference between "Seagate" drives and "Maxgate" drives) is that when Seagate bought Maxtor they got a REALLY cheap ARM HDD controller from Maxtor...how cheap? So cheap they could build 4 of them for the price of a single Seagate controller. Now what company wouldn't want to drop the price on a major part by 75%?

      The catch was this controller is buggy as fuck, especially if it gets hot. If you keep the drive super cool? It works fine, if the drive gets hot? It loses its little mind and forgets the HDD geometry and will slam the head because it doesn't know where the drive starts and ends. My own tests seem to back this up as I've had zero issues with Maxgate drives I put in a big old ATX case I have at the shop with a couple of 240mm fans front and back to push away any heat generated but if I put a Maxgate into a small PC box without a ton of fans? It's gonna fail, and the hotter the case the quicker the fail.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  2. Re: Really? by Anonymous Coward · · Score: 5, Interesting

    This.

    I have one of these devices. The first thing that must be done is to create an account on the Seagate server. All account creation and password changes go through their server.

    The device itself is utter crap. Linux OS with an NTFS formatted. The transfer speed using ethernet is comparable to dialup.

    Stay away from anything Seagate / NAS. Waste of money.

  3. Re:Funny how Slashdot users are okay with criminal by mlts · · Score: 5, Interesting

    The criminals are virtually untouchable:

    1: They are likely in countries of the world that have zero interest in turning them over for justice. In fact, they may be regarded as folk heroes or equivalents of Robin Hood, taking money from corporations or countries and bringing it to the region.

    2: They are likely using employees to do the dirty work, with plenty of anonymity between them and the higher ups.

    3: Malware can be traced, and a lot of people suggest origin, but code can be edited and spread anywhere in the world, so code that originally came from Latveria can be used and abused by people from Lower Elbonia, and if distribution is done, the whitehats may never know the real origin.

    4: Compromising an endpoint isn't too difficult these days. If someone hacks a wi-fi router and compromises a home computer, all it takes is deleting the offending stuff securely, and that becomes a dead end.

    5: For every one criminal, there are others behind them.

    6: LEOs have many cases on their hands. It might be doubtful they may have the resources to handle anything but the big names, so chasing after every bad guy would be about as fruitful as chasing every pot smoker in the US.

    Going after criminals is nice, but that is a game of whack-a-mole. Unfortunately, computer security is a defensive war, but there are useful tools on the whitehat end which can help mitigate attacks.

    Long term, it may not be something that is wanted in any shape or form, but I think what may end up happening is that countries themselves will demand control of the routers that go from one nation to another and enforce rules there. China has that, Iran is building it, and other countries are looking into blocking at their virtual borders, just like physical borders. It might be a token thing now, but as time goes on and money is put into it, it may become something all countries have in place, just so another country that has IP ranges that are hotspots for attack are blocked there, so every single Internet entity in the nation wouldn't have to deal with them.