Trojan Found In New HDs Sold In Taiwan

Trojan Found In New HDs Sold In Taiwan 344

Posted by kdawson on Sunday November 11, 2007 @10:36PM from the bourne-again dept.

GSGKT writes "About 1,800 brand new 300-GB or 500-GB external hard drives made for Maxtor in Thailand were found to have trojan horse malwares pre-installed (autorun.inf and ghost.pif). When the HD is in use, these forward information on the disk to two websites in Beijing, China: www.nice8.org or www.we168.org. The article implies that authorities believe the Chinese government is behind the trojans. A later article pins down the point of infection to a subcontractor company in China. A couple of months back the Register was reporting on pre-installed malware detected on Maxtor disks sold in the Netherlands. This earlier report was downplayed by a Seagate spokesman." The more recent Taipei Times article says that Seagate admits the problem on its Web site, but a search there turns up nothing.

Trojan Found In New HDs Sold In Taiwan

This discussion has been archived. No new comments can be posted.

Search 344 Comments Log In/Create an Account

Comments Filter:

First off... (Score:5, Funny)

by explosivejared ( 1186049 ) writes: <hagan@jared.gmail@com> on Sunday November 11, 2007 @10:41PM (#21318507)

Anyone who doesn't wipe a new drive first off is just begging for this sort of thing. Secondly, I guess it's a new competition for Chinese manufacturers to see what's the worst secret addition to a product sent overseas. Lead in toys, GHB in toys, phone-homes on HDD's... what's next killer bees in new TV's... really. Consumerism bites!!

It's a bargain! (Score:5, Funny)

by techmuse ( 160085 ) writes: on Sunday November 11, 2007 @10:42PM (#21318517)

Most PCs ship without professionally produced malware installed. While everyone might *wish* that their PC came with such software, only a small percentage of customers are actually lucky enough to get their malware free of charge. Mac users, don't feel bad that your system won't come with it. You get iLife. :-)

Re:Obilgitory HOSTS comment: (Score:5, Funny)

by lordofthechia ( 598872 ) writes: on Sunday November 11, 2007 @10:55PM (#21318681)

Why not take some initiative.You can block the sites, or you can send them what they want! DATA! Send them lots of data, format it like it was sent with the virus and have fun coming up with a random assortment of websites to include in it (sure we could thing of a couple).

So why ignore when you can use up their bandwidth and screw up their database. Just an idea.

Re:Not a trojan (Score:3, Funny)

by Waffle Iron ( 339739 ) writes: on Sunday November 11, 2007 @10:58PM (#21318703)

Computer <-> Troy
SATA connector <-> City gate
Disk drive <-> Big wooden horse
Autorun file <-> Greek soldiers

Re:First off... (Score:3, Funny)

by MrAndrews ( 456547 ) * writes: <mcm@NOSpaM.1889.ca> on Sunday November 11, 2007 @11:07PM (#21318765) Homepage

Exactly! The TFA has a definite agenda... in reality, this is a competitive move by Maxtor [pttbt.ca]. You have to do extraordinary things to stand out in this global economy.

It could be worse (Score:5, Funny)

by Tribbin ( 565963 ) writes: on Sunday November 11, 2007 @11:16PM (#21318839) Homepage

I once bought a computer with Windows preinstalled.

It was meant to benifit the customer (Score:4, Funny)

by edwardpickman ( 965122 ) writes: on Sunday November 11, 2007 @11:23PM (#21318901)

They figured it was a time saving feature that would save bandwidth for the buyer having the Trojans preinstalled.

Re:First off... (Score:3, Funny)

by uncoveror ( 570620 ) writes: on Sunday November 11, 2007 @11:25PM (#21318915) Homepage

When I read that these drives were originally for government agencies, I suspected it might be Monkeypoo... VIRUS WARNING: Attention: Computer Labs Inc., makers of Virucide antivirus software have identified a highly dangerous new Trojan worm, MONKEYPOO. It will usually appear in an e-mail with the subject, "Congratulations.You have won!" it will then prompt you to click a link to collect your cash prize. It can also freely spread across networks. Monkeypoo will read your address book, and mail a copy of itself to every address it finds, and it will look like you sent it. It will then invoke the secret self-destruct command held over from the original IBM PC's 8086 command set. This short line of code will cause the processor, ram, hard drive and any floppy drives to spin out of control and overheat until key components melt together, and will most likely cause a fire. James Winklee, a former IBM programmer had this to say. "We developed the self-destruct code so government agencies such as the FBI and CIA could quickly and completely destroy compromised computer systems before an enemy could get their hands on classified information. When we saw how violently a PC executing the command burst into flames, we decided not to publish its existence. It has been kept a secret successfully until now. If you get infected with the Monkeypoo Trojan worm, you may notice your computer going completely haywire. Physically unplug it from power as fast as you can, and send it in for repair. Only a professional can remove this one." While Computer Labs Inc and other antivirus software makers are working on a solution, they haven't got one a home user could successfully run yet. "This is the worst kind of malicious code I have ever seen." said Marcus Polan of Computer labs Inc. Use extreme caution. It is important that as many computer users as possible receive this warning, so send it out to as many people as you can. The entire Internet and every PC connected to it is at risk.

Re:It's times like this... (Score:5, Funny)

by ozmanjusri ( 601766 ) writes: <aussie_bob@hoMOSCOWtmail.com minus city> on Sunday November 11, 2007 @11:35PM (#21319025) Journal

I'm equally safe
Only if you disabled NTLDR as well....

Re:First off... (Score:4, Funny)

by Anonymous Coward writes: on Sunday November 11, 2007 @11:39PM (#21319057)

>I'm not sure how Windows actually handles "mounting" behind the scenes

Simple. You install Windows, and feel as if you were being mounted by Ball-mer. With a chair.

Re:First off... (Score:3, Funny)

by dotgain ( 630123 ) writes: on Sunday November 11, 2007 @11:40PM (#21319063) Homepage Journal

Or in my case, it tries to assign a driver letter, fails because there's already a drive using that letter, and says:
24 Volumes ought to be enough for anybody. Bet you never thought you'd run out of drive letter, huh?

I think ... (Score:3, Funny)

by PPH ( 736903 ) writes: on Sunday November 11, 2007 @11:40PM (#21319067)

... the makers of third party malware should sue. Having OEM malware preinstalled is going to drive them out of business eventually.
Perhaps the EU can take up their case.

Re:Obilgitory HOSTS comment: (Score:3, Funny)

by IgnoramusMaximus ( 692000 ) writes: on Sunday November 11, 2007 @11:51PM (#21319127)

Please add to your host files: 127.0.0.1 www.nice8.org 127.0.0.1 www.we168.org

You bastard! I did and that unsavory host at 127.0.0.1 (isn't the 127.x range like the dark back-alleys of the Intertubes?) infected me with a nasty trojan, probably because it has like a million gajigabytes of completely illegal, pirated contents on it!! A veritable pirate hive, that! I hold you pesonally responsible for directing us, pure, innocent Slashdotters to it!

Oh, malware... (Score:5, Funny)

by Anonymous Coward writes: on Monday November 12, 2007 @12:01AM (#21319203)

By "Trojans Found In New HDs Sold In Taiwan", I thought they meant condoms.

(OK, who's the comedian? My catchpas is "durable".)

Re:First off... (Score:5, Funny)

by timeOday ( 582209 ) writes: on Monday November 12, 2007 @12:52AM (#21319551)

Sssh! The shift key is a copy-protection circumvention measure of questionable legality!

Re:Liar! (Score:3, Funny)

by Wingnut64 ( 446382 ) writes: on Monday November 12, 2007 @12:57AM (#21319575)

127.0.0.1 is MY computer!
That's amazing! I've got the same IP on my luggage!

It's bad beyond a joke - so time for one (Score:5, Funny)

by dbIII ( 701233 ) writes: on Monday November 12, 2007 @01:06AM (#21319617)

I accidentally found some manufactured in the USA elsewhere in a "professional tools" section

In Australia we get a lot of professional tools from the USA. They end up managing telecommunications and other technology companies. I ask you citizens of the United States for the good of the reputation of your country to keep those managers who are complete tools within your borders, cut off their cocaine supply and put them to work sweeping floors somewhere where they can not do much damage with their remaining brain cells.

Re:Oh, malware... (Score:5, Funny)

by SeaFox ( 739806 ) writes: on Monday November 12, 2007 @02:31AM (#21320215)

By "Trojans Found In New HDs Sold In Taiwan", I thought they meant condoms.

That would suck. Imagine hundreds of geeks getting a box in the mail from NewEgg filled with a product you have no use for.

Threadjack: WTF? (Score:4, Funny)

by Corwn of Amber ( 802933 ) writes: <corwinofamber@@@skynet...be> on Monday November 12, 2007 @03:29AM (#21320545) Journal

autorun.inf and ghost.pif, yeah, right. Who still uses windows, AND has autorun enabled?
Answer : Everyone. Even geeks give up configuring Windows to that point after one hundred reinstalls. Or they give up on Windows already... Okay, "who does not reformat new HDs before use?"

Who buys Maxtor HDs anyway? Never had one that even lasted till the end of warranty, used 8 of those in under two years. And there are not enough hours in one year to make up for the order of magnitude between announced and effective MTBF. (168*52 = way less than "tens of thousands of hours".)

Not that I excuse them for dataraping their customers. The exec that ordered that should be put to a very slow and painful death. With the Maxtor engineering team. (If there even IS one.)

Re:LISTEN UP WANNA BE PSYCHIATRIST/PSYCHOLOGIST (Score:2, Funny)

by networkBoy ( 774728 ) writes: on Monday November 12, 2007 @11:21AM (#21323541) Journal

No, he's right, I'm a closet narcissist. This is my one release in life, to sign my /. posts. I must do it, for if I didn't my heat would explode in an atomic blast unrivaled since the dawn of man. Remember Tunguska? That was when I only had a chance to partially sign a post. You don't want that to happen again do you?

Here's to saving the world ;-)
-nB

Re:Technet says 0xff not 0xb5 (Score:3, Funny)

by Just Some Guy ( 3352 ) writes: <kirk+slashdot@strauser.com> on Monday November 12, 2007 @03:52PM (#21327097) Homepage Journal

MSS: (NoDriveTypeAutoRun) Disable Autorun for all drives (recommended) DWORD 0xFF

On behalf of every Linux user that's ever had to listen to Windows users making fun of /etc: <nelson>Ha-ha!</nelson>

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Trojan Found In New HDs Sold In Taiwan 344

Trojan Found In New HDs Sold In Taiwan More Login

Trojan Found In New HDs Sold In Taiwan

First off... (Score:5, Funny)

It's a bargain! (Score:5, Funny)

Re:Obilgitory HOSTS comment: (Score:5, Funny)

Re:Not a trojan (Score:3, Funny)

Re:First off... (Score:3, Funny)

It could be worse (Score:5, Funny)

It was meant to benifit the customer (Score:4, Funny)

Re:First off... (Score:3, Funny)

Re:It's times like this... (Score:5, Funny)

Re:First off... (Score:4, Funny)

Re:First off... (Score:3, Funny)

I think ... (Score:3, Funny)

Re:Obilgitory HOSTS comment: (Score:3, Funny)

Oh, malware... (Score:5, Funny)

Re:First off... (Score:5, Funny)

Re:Liar! (Score:3, Funny)

It's bad beyond a joke - so time for one (Score:5, Funny)

Re:Oh, malware... (Score:5, Funny)

Threadjack: WTF? (Score:4, Funny)

Re:LISTEN UP WANNA BE PSYCHIATRIST/PSYCHOLOGIST (Score:2, Funny)

Re:Technet says 0xff not 0xb5 (Score:3, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot