Trojan Found In New HDs Sold In Taiwan

Posted by kdawson on Sun Nov 11, 2007 10:36 PM
from the bourne-again dept.
GSGKT writes "About 1,800 brand new 300-GB or 500-GB external hard drives made for Maxtor in Thailand were found to have trojan horse malware pre-installed (autorun.inf and ghost.pif). When the HD is in use, these forward information on the disk to two websites in Beijing, China: www.nice8.org or www.we168.org. The article implies that authorities believe the Chinese government is behind the trojans. A later article pins down the point of infection to a subcontractor company in China. A couple of months back the Register was reporting on pre-installed malware detected on Maxtor disks sold in the Netherlands. This earlier report was downplayed by a Seagate spokesman." The more recent Taipei Times article says that Seagate admits the problem on its Web site, but a search there turns up nothing.

Related Stories

IT: Russian Phishers Moving to China? 67 comments
Hugh Pickens writes "The Russian Business Network, an ISP and Web hosting provider based in St. Petersburg, whose client list amounts to a laundry list of organized cybercrime operations appears to have closed shop after a number of its main upstream Internet providers severed ties with the group. The disappearance of RBN comes less than a month after Brian Krebs of the Washington Post wrote a series of stories detailing the organization and history of the shadowy ISP. However, experts at anti-spam group Spamhaus say there are strong indications that a huge swath of Internet space recently established in China may soon emerge as the next incarnation of the Russian Business Network. In related news FBI Director Robert S. Mueller, III gave a speech on cybercrime earlier this week where he said that the FBI has 60 Legal Attaché offices around the world working with partners in Russia, Romania, Poland, Hungary, Italy, and Estonia, among others, to investigate international cyber threats."
IT: Malware Distribution Through Physical Media a Growing Concern 141 comments
twitter brings us a story about the increasing number of digital devices reaching consumers with malware already installed. In this case, digital photo frames from three different Sam's Club stores were found to contain the same type of malicious code. We discussed a similar problem with iPods a while back, as well as a more recent situation with Maxtor hard drives. Quoting the Register: "While a compromise at the manufacturer is the most likely scenario, ISC's Sachs also pointed to retailers as a possible point of infection. Returned products, which could have been infected by the consumer, are frequently put back on the shelf, if they are in sale-able condition, and attackers could take advantage of a store's poor digital hygiene, he said. 'Trying to (infect a product) all the way back at the factory — getting it through all the checks and balances — would be pretty hard to do,' he said. 'But doing it at the store, where there might be loose return policies, and (where) they put it back on the shelf - you are not going to get a million infections, but you might get a person from an investment bank next door.'"
Digital Picture Frames Infected by Trojan Viruses 174 comments
CR0WTR0B0T writes "The San Francisco Chronicle is running a story on viruses loaded into digital picture frames, similar to the ones we discussed at the end of last year. The difference is in the virus used: 'The authors of the new Trojan Horse are well-funded professionals whose malware has 'specific designs to capture something and not leave traces ... This would be a nuclear bomb of malware.' Apparently, a number of regular folks have hooked them up to their home computer and loaded the virus. And if you think you're too smart to be fooled, apparently the Anti-Virus software makers have not caught up to the threat quite yet."

  • Same (Score:5, Interesting)

    by renegadesx (977007) on Sunday November 11, @10:39PM (#21318495)
    Lead in paint, malware in HDs, same thing really
    • Oh, malware... (Score:5, Funny)

      by Anonymous Coward on Monday November 12, @12:01AM (#21319203)
      By "Trojans Found In New HDs Sold In Taiwan", I thought they meant condoms.

      (OK, who's the comedian? My captcha is "durable".)
      [ Parent ]
      • Re:Oh, malware... (Score:5, Funny)

        by SeaFox (739806) on Monday November 12, @02:31AM (#21320215)

        By "Trojans Found In New HDs Sold In Taiwan", I thought they meant condoms.

        That would suck. Imagine hundreds of geeks getting a box in the mail from NewEgg filled with a product you have no use for.
        [ Parent ]
  • First off... (Score:5, Funny)

    by explosivejared (1186049) <hagan@jared.gmail@com> on Sunday November 11, @10:41PM (#21318507)
    Anyone who doesn't wipe a new drive first off is just begging for this sort of thing. Secondly, I guess it's a new competition for Chinese manufacturers to see what's the worst secret addition to a product sent overseas. Lead in toys, GHB in toys, phone-homes on HDDs... what's next, killer bees in new TVs... really. Consumerism bites!!
      • Re:First off... (Score:4, Informative)

        by 404 Clue Not Found (763556) on Sunday November 11, @11:07PM (#21318759)
        I'm not sure how Windows actually handles "mounting" behind the scenes, but to the user, a new drive typically just shows up automatically as a drive letter (like F:\) both in the GUI and the command prompt. Then when you try to access the drive, you'll get a dialog box saying the drive isn't formatted and asking if you'd like to format it.

        In the case of preformatted external drives (which this one is supposed to be), however, not only will the drive immediately become available for access as soon as it's connected, Windows may also try to autorun any programs listed in the drive's autorun.inf.
        [ Parent ]
        • Re:First off... (Score:5, Informative)

          by 404 Clue Not Found (763556) on Sunday November 11, @11:21PM (#21318895)
          Oh, forgot to mention that autorun can be disabled either temporarily by holding down Shift when connecting a drive or permanently via a control panel.
          [ Parent ]
          • Re:First off... (Score:5, Informative)

            by colfer (619105) on Monday November 12, @12:03AM (#21319217)
            Overriding autorun can be done in the registry, so you don't have to remember to hold down the shift key. Does it work for USB hard drives? Probably. These are the notes I have.

            Works for USB drives and CD-ROMS.
            [2007/10, from:
            http://www.mydigitallife.info/2006/09/11/disable-auto-run-and-auto-play-of-u3-smart-drives-launchpad/]

                  1. Click Start -> Run.
                  2. Type RegEdit in the Open text box, then press ENTER.
                  3. In the Registry Editor, locate and click the following registry key:

                        HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDRom
                  4. Modify the value of the Autorun to 0 (zero) so that CD-ROMs and Audio CDs do not run and start automatically when inserted.
                  5. Next navigate to the following registry subkey:

                        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
                  6. Modify the value of the NoDriveTypeAutoRun entry to 0xb5 value to turn off the AutoRun feature for CD-ROMs by right-clicking NoDriveTypeAutoRun and then clicking Modify to type B5 in the Value data box. Select Hexadecimal, and then click OK.
                  7. Quit Registry Editor.
                  8. Restart your computer.
            [ Parent ]
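
Added example (not part of colfer's comment or the linked guide): a Python check that reads the NoDriveTypeAutoRun DWORD from .reg export text and decodes it with Microsoft's documented drive-type bits, showing which drive types a value such as 0xB5 still leaves AutoRun-enabled. The sample export, the function names and the `must_block` list are constructed for illustration.

```python
import re

# NoDriveTypeAutoRun bits as documented by Microsoft: a set bit turns AutoRun OFF.
DRIVE_BITS = {
    0x01: "unknown", 0x02: "no-root-dir", 0x04: "removable", 0x08: "fixed",
    0x10: "network", 0x20: "cdrom", 0x40: "ramdisk", 0x80: "reserved",
}

# Constructed sample: .reg export text after applying the value from the steps above.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000b5
'''

def read_mask(reg_text):
    """Return the NoDriveTypeAutoRun DWORD from .reg text; ValueError if absent."""
    m = re.search(r'^"NoDriveTypeAutoRun"=dword:([0-9a-fA-F]{1,8})\s*$',
                  reg_text, re.MULTILINE | re.IGNORECASE)
    if m is None:
        raise ValueError("NoDriveTypeAutoRun not set; the OS default applies")
    return int(m.group(1), 16)

def split_by_mask(mask):
    """Return (disabled, still_enabled) lists of drive types for a mask."""
    disabled = [name for bit, name in DRIVE_BITS.items() if mask & bit]
    enabled = [name for bit, name in DRIVE_BITS.items() if not mask & bit]
    return disabled, enabled

def gaps(reg_text, must_block=("removable", "fixed", "cdrom")):
    """Drive types from must_block (hypothetical policy) that still allow AutoRun."""
    _, enabled = split_by_mask(read_mask(reg_text))
    return [t for t in must_block if t in enabled]

if __name__ == "__main__":
    mask = read_mask(SAMPLE_REG)
    disabled, enabled = split_by_mask(mask)
    print(f"0x{mask:02X} disables AutoRun for: {', '.join(disabled)}")
    print(f"AutoRun still allowed for: {', '.join(enabled)}")
    print(f"policy gaps: {gaps(SAMPLE_REG)}")
```

External USB hard disks commonly enumerate as fixed drives, so the fixed bit (0x08) is the one to check for drives like those in this story; 0xFF sets every bit.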
            • Troll Alert... (Score:5, Insightful)

              by Belial6 (794905) on Monday November 12, @01:36AM (#21319875) Homepage
              [Troll]
              That's the problem with Windows. It doesn't Just Work(tm). You have to know these cryptic menus to edit databases just to keep your new USB drive from running whatever application happens to be on it. Maybe one day Microsoft could start doing some real usability testing and get Windows to be as easy for a new user as Linux.
              [/Troll]
              [ Parent ]
        • Re:Nope (Score:5, Informative)

          by LurkerXXX (667952) on Monday November 12, @12:37AM (#21319469)
          3rd party tools? Who needs 3rd party tools?

          gpedit.msc

          It's a windows GUI tool.

          Computer Configuration > Click "Administrative Templates" > Click "System" > Double-Click "Turn off Autoplay", set it for "All Drives" and click the "apply" button.

          [ Parent ]
  • It's a bargain! (Score:5, Funny)

    by techmuse (160085) on Sunday November 11, @10:42PM (#21318517)
    Most PCs ship without professionally produced malware installed. While everyone might *wish* that their PC came with such software, only a small percentage of customers are actually lucky enough to get their malware free of charge. Mac users, don't feel bad that your system won't come with it. You get iLife. :-)
  • by JewGold (924683) on Sunday November 11, @10:43PM (#21318529)
    I mean, so what if there's a trojan that steals my identity and turns my computer into a botnet node? So what if the materials it's comprised of let off poisons that will kill me and my whole family? I saved $6 on this baby!
  • Can't trust hardware anymore? (Score:4, Insightful)

    by compumike (454538) on Sunday November 11, @10:45PM (#21318547) Homepage
    While the open source movement has done a great deal toward making software understandable, at some point, people have to trust their computers. However, this used to be a great deal easier, because engineers had a good idea of what could be done with a particular amount of circuitry.

    The increasing level of integration means that hardware is more and more of a black box. While this has led to huge savings in cost and performance boosts, we've paid for it by being unable to debug the hardware, and unsure of what's really going on inside.

    While the case in the article talks specifically about a trojan horse installed normally on the drive -- and thus something that should have been remedied by a good formatting job -- who knows what could happen once we have vulnerabilities embedded directly into the hardware. One could certainly imagine a trojan that was hard-coded in the firmware and kept moving itself around the disc after attempts to delete it.

    It also seems fishy that much sensitive information (of relevance to a foreign government) could be obtained from randomly putting trojans on hard drives... Isn't it possible that this was an unintentional infection from some disk-handling or testing machine along the line?

    --
    Educational microcontroller kits for the digital generation. [nerdkits.com]
  • Not a trojan (Score:4, Insightful)

    by techmuse (160085) on Sunday November 11, @10:45PM (#21318559)
    By the way, it isn't a trojan. A trojan is software that convinces the user to install it by looking like something else that the user might want to install. While this may certainly qualify as malware, it isn't a trojan.
    • Re:Not a trojan (Score:5, Insightful)

      by Megane (129182) on Sunday November 11, @10:50PM (#21318611)

      A trojan is software that convinces the user to install it by looking like something else that the user might want to install.

      Something else like a... hard disk?

      [ Parent ]
        • Re:Not a trojan (Score:5, Interesting)

          by tftp (111690) on Monday November 12, @12:15AM (#21319311) Homepage
          A hard disk is mostly... hardware. There's a little software in it, even in a good, uninfected unit

          Two cases here. First, you got an external USB HDD. It often contains lots of software. I have a Seagate USB/FireWire HDD, it comes with FreeAgent backup and configuration software. I bought the software with the HDD unit, they are one set. I would be an idiot if I format the HDD first.

          Another case is when you get an internal HDD that is supposed to be unformatted. But you don't know if it is or isn't - not before you install it into your Windows box and power it up. If the HDD is blank, as it should be, then you need to format it, and all is well. However if it is already formatted for you and contains something, Windows has no way of knowing why it is so, and it will treat it as any other removable drive - namely, will read the autorun.inf and proceed running all the viruses in the world that the drive may contain, all that before you even realize that something is wrong.

          In either case, if your antivirus finished loading by this time it may save you, if it is good enough. But I recall some recent review that claimed that a typical antivirus fails to catch as many as half of the viruses.

          [ Parent ]
  • Obligatory HOSTS comment: (Score:5, Informative)

    by killmofasta (460565) on Sunday November 11, @10:47PM (#21318575)
    Please add to your host files:
    127.0.0.1 www.nice8.org
    127.0.0.1 www.we168.org
    • Re:Obligatory HOSTS comment: (Score:5, Funny)

      by lordofthechia (598872) on Sunday November 11, @10:55PM (#21318681)
      Why not take some initiative. You can block the sites, or you can send them what they want! DATA! Send them lots of data, format it like it was sent with the virus and have fun coming up with a random assortment of websites to include in it (sure we could think of a couple).

      So why ignore when you can use up their bandwidth and screw up their database. Just an idea.
      [ Parent ]
  • It could be worse (Score:5, Funny)

    by Tribbin (565963) on Sunday November 11, @11:16PM (#21318839) Homepage
    I once bought a computer with Windows preinstalled.
  • by edwardpickman (965122) on Sunday November 11, @11:23PM (#21318901)
    They figured it was a time saving feature that would save bandwidth for the buyer having the Trojans preinstalled.
  • by 0123456 (636235) on Sunday November 11, @11:30PM (#21318967)
    Why oh why does Microsoft still automatically run software off any disk that's inserted into your PC? Surely decades of floppy-carried virii should have convinced them of what a frigging stupid idea that is?
    • Re:How would that even work (Score:4, Interesting)

      by myc (105406) on Sunday November 11, @10:49PM (#21318595)
      not for external USB drives that are already pre-formatted with a FAT32 filesystem. Plug it in and go! your box is pwn3d.
      [ Parent ]
            • that said.. (Score:5, Interesting)

              by QuantumG (50515) <qg@biodome.org> on Sunday November 11, @11:41PM (#21319073) Homepage Journal
              Try putting this in your autorun.inf:

              [autorun]
              shell\silly=You're silly
              shell\silly\command=calc.exe
              shell=silly

              now remove and reinsert the USB device. Hmm.. nothing happens.. how strange. Go to My Computer and double click on I: (or whatever your drive is mapped to) and what happens? Yeah, calc.exe is run. Thanks Microsoft.

              You may now flame away.
              [ Parent ]
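
Added example (not part of QuantumG's comment): a defender-side Python triage of an autorun.inf read from a newly attached drive, listing which commands the file asks Explorer to run and on what trigger, using the autorun.inf quoted above as input. The function names, and the treatment of `open` as the default verb when no `shell=` line is present, are assumptions of this example.

```python
import re

# The autorun.inf quoted in the comment above.
SAMPLE = r"""[autorun]
shell\silly=You're silly
shell\silly\command=calc.exe
shell=silly
"""

def parse_autorun(text):
    """Return [autorun] entries as {lowercased key: value}, skipping junk lines."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def commands(text):
    """List (trigger, command) pairs the file asks Explorer to run."""
    entries = parse_autorun(text)
    found = [("autorun", entries[k]) for k in ("open", "shellexecute") if k in entries]
    # Assumption: with no shell= line, "open" is the default (double-click) verb.
    default_verb = entries.get("shell", "open").lower()
    for key, value in entries.items():
        m = re.fullmatch(r"shell\\([^\\]+)\\command", key)
        if m:
            trigger = "double-click" if m.group(1) == default_verb else "context-menu"
            found.append((trigger, value))
    return found

if __name__ == "__main__":
    for trigger, command in commands(SAMPLE):
        print(f"{trigger}: {command}")
```

Reading the file as text from another system, or with AutoRun disabled, lets the commands be reviewed without Explorer acting on them.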
        • by dbIII (701233) on Monday November 12, @01:06AM (#21319617)

          I accidentally found some manufactured in the USA elsewhere in a "professional tools" section

          In Australia we get a lot of professional tools from the USA. They end up managing telecommunications and other technology companies. I ask you citizens of the United States for the good of the reputation of your country to keep those managers who are complete tools within your borders, cut off their cocaine supply and put them to work sweeping floors somewhere where they can not do much damage with their remaining brain cells.

          [ Parent ]