Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Security Data Storage IT

Trojan Found In New HDs Sold In Taiwan 344

Posted by kdawson from the bourne-again dept.
GSGKT writes "About 1,800 brand new 300-GB or 500-GB external hard drives made for Maxtor in Thailand were found to have trojan horse malwares pre-installed (autorun.inf and ghost.pif). When the HD is in use, these forward information on the disk to two websites in Beijing, China: www.nice8.org or www.we168.org. The article implies that authorities believe the Chinese government is behind the trojans. A later article pins down the point of infection to a subcontractor company in China. A couple of months back the Register was reporting on pre-installed malware detected on Maxtor disks sold in the Netherlands. This earlier report was downplayed by a Seagate spokesman." The more recent Taipei Times article says that Seagate admits the problem on its Web site, but a search there turns up nothing.
This discussion has been archived. No new comments can be posted.

Trojan Found In New HDs Sold In Taiwan More

Trojan Found In New HDs Sold In Taiwan

Comments Filter:

  • Can't trust hardware anymore? (Score:4, Insightful)

    by compumike ( 454538 ) on Sunday November 11, 2007 @10:45PM (#21318547) Homepage
    While the open source movement has done a great deal toward making software understandable, at some point, people have to trust their computers. However, this used to be a great deal easier, because engineers had a good idea of what could be done with a particular amount of circuitry.

    The increasing level of integration means that hardware is more and more of a black box. While this has led to huge savings in cost and performance boosts, we've paid for it by being unable to debug the hardware, and unsure of what's really going on inside.

    While the case in the article talks specifically about a trojan horse installed normally on the drive -- and thus something that should have been remedied by a good formatting job -- who knows what could happen once we have vulnerabilities embedded directly into the hardware. One could certainly imagine a trojan that was hard-coded in the firmward and kept moving itself around the disc after attempts to delete it.

    It's also seems fishy that much sensitive information (of relevance to a foreign government) could be obtained from randomly putting trojans on hard drives... Isn't it possible that this was an unintentional infection from some disk-handling or testing machine along the line?

    --
    Educational microcontroller kits for the digital generation. [nerdkits.com]

  • Not a trojan (Score:4, Insightful)

    by techmuse ( 160085 ) on Sunday November 11, 2007 @10:45PM (#21318559)
    By the way, it isn't a trojan. A trojan is software that convinces the user to install it by looking like something else that the user might want to install. While this may certainly qualify as malware, it isn't a trojan.

  • Maybe a format (Score:2, Insightful)

    by virtualnz ( 1187667 ) on Sunday November 11, 2007 @10:46PM (#21318569) Homepage
    maybe a format of the drive when its purchased will fix. Or because its malware does this mean its going to be embedded into the hardware? It goes to show that we can't even rely on our hardware now without some big "brother" sending information back.

  • Vista (Score:1, Insightful)

    by Paul_Hindt ( 1129979 ) on Sunday November 11, 2007 @10:47PM (#21318581) Homepage
    Yeah my new computer shipped with malware installed to...Windows Vista.

  • Re:Not a trojan (Score:5, Insightful)

    by Megane ( 129182 ) on Sunday November 11, 2007 @10:50PM (#21318611)

    A trojan is software that convinces the user to install it by looking like something else that the user might want to install.

    Something else like a... hard disk?

  • Re:Same (Score:2, Insightful)

    by Monsuco ( 998964 ) on Sunday November 11, 2007 @10:51PM (#21318619) Homepage

    Lead in paint, malware in HD's same thing really
    Except that pesky death part. Meh details.

  • Re:go go gadget china! (Score:2, Insightful)

    by NeverVotedBush ( 1041088 ) on Sunday November 11, 2007 @10:53PM (#21318647)
    And China still openly considers the USA to be an enemy. Why manufacturers subject themselves to these liabilities I'll never... Oh wait - they make more money even if they kill children with GHB overdoses, cripple their brains with lead, or export National secrets and financial data to China.

    What the hell was I thinking? American businesses that outsource to China are no better than spies and traitors themselves. For all the damage they do, they might as well be.

  • Re:Not a trojan (Score:2, Insightful)

    by malvidin ( 951569 ) on Sunday November 11, 2007 @10:56PM (#21318685)
    Although I agree with your definition of a trojan, I have to say that this is a trojan as well.

    If someone puts malware in a device I would willingly put in my computer without me employing security measures, I would consider that more true to the original source of the term.

  • Re:How would that even work (Score:3, Insightful)

    by CastrTroy ( 595695 ) on Sunday November 11, 2007 @11:09PM (#21318781)
    Wrong, the trojan is not set to autorun, the computer is set to autorun. The trojan just contains files that means it will be autorun if the computer is set to do so. There's a difference here. I don't know how anybody ever thought that having computers automatically run executable programs without any user intervention was a good thing, but personally, I can't see how computers are still configured by default to run any drive you hook up to them.

  • Just more proof that autorun is insanely stupid (Score:5, Insightful)

    by 0123456 ( 636235 ) on Sunday November 11, 2007 @11:30PM (#21318967)
    Why oh why does Microsoft still automatically run software off any disk that's inserted into your PC? Surely decades of floppy-carried virii should have convinced them of what a frigging stupid idea that is?

  • First Hard Drives, then Motherboard BIOSes (Score:2, Insightful)

    by shoor ( 33382 ) on Sunday November 11, 2007 @11:47PM (#21319111)
    What happens when they put malware in the BIOS on your motherboards.
    How will you know? How will you get rid of it, (I know flash the
    BIOS, but maybe the BIOS doesn't want to be flashed.)

    There's talk that the next war will be a cyberwar. I guess that's
    better than the other kind, but these are some of the ways to do it
    I'd say.

  • Re:Thank goodness for Chinese manufacturing (Score:3, Insightful)

    by Opportunist ( 166417 ) on Sunday November 11, 2007 @11:59PM (#21319191)
    It's possible, but how many can? Let's face it, Chinese crap is cheap crap. And with many people just barely making enough money to live on, they can't be choosy. They have to buy what their budget dictates.

  • Re:Thank goodness for Chinese manufacturing (Score:3, Insightful)

    by JewGold ( 924683 ) on Monday November 12, 2007 @12:11AM (#21319263)
    Maybe part of the reason that people don't have enough to live on is that all the manufacturing jobs, which used to be the cornerstone of the American economy and middle class, are now in China.

    I don't know how much faith I have in this "new economy," which seems to be based on people selling overpriced houses to each other and getting further and further in debt.

  • possible scenarios (Score:2, Insightful)

    by asleeplessmalice ( 996720 ) on Monday November 12, 2007 @12:29AM (#21319413)
    a) sloppy manufacturing picks up loose malware b) deliberate infection by teenage haxor, perhaps for prestige, perhaps for cash c) deliberate, by botnet agent d) deliberate, by government agent e) deliberate, by aliens, illuminati, JFK, and cmdr taco - Found for sale only in Taiwan so far / aimed at Taiwan? Only 1800 drives reported infected, 300 sold. Infection reported to be found initially by consumers. Doesn't sound particularly sophisticated to me. My bet is on (a).

  • We are to blame for China, not the corporations (Score:4, Insightful)

    by AHumbleOpinion ( 546848 ) on Monday November 12, 2007 @12:39AM (#21319483) Homepage
    American businesses that outsource to China are no better than spies and traitors themselves.

    I realize you are merely repeating a popular but false meme so please do not think I am being harsh with you personally, it's the meme that I am being harsh with.

    The notion that corporations are to blame for outsourcing to China is beyond naive. We the consumers, not the corporation are to blame! We have essentially forced corporations to outsource by our consideration of virtually nothing beyond price. Business is a Darwinian process. That first corporation that experimented with outsourcing was *rewarded* by consumers rather than punished. Corporations had little choice, jump on the outsourcing bandwagon or go out of business.

    If you do not like outsourcing look at the labeling on packaging. Sometimes this requires a little extra effort. I needed a set of screwdrivers and in the regular tools section everything at the local Home Depot was an import. I accidentally found some manufactured in the USA elsewhere in a "professional tools" section. Maybe its not too late.

  • Re:First off... (Score:1, Insightful)

    by Anonymous Coward on Monday November 12, 2007 @01:04AM (#21319597)
    Why do you sign your posts?! Your username is already there, above your text! GAWD! Narcissistic, YOU ARE.

  • Troll Alert... (Score:5, Insightful)

    by Belial6 ( 794905 ) on Monday November 12, 2007 @01:36AM (#21319875)
    [Troll]
    That's the problem with Windows. It doesn't Just Work(tm). You have to know these cryptic menus to edit databases just to keep your new USB drive from running whatever application happens to be on it. Maybe one day Microsoft could start doing some real usability testing and get Windows to be as easy for a new user as Linux.
    [/Troll]

  • Re:Just more proof that autorun is insanely stupid (Score:3, Insightful)

    by arminw ( 717974 ) on Monday November 12, 2007 @02:24AM (#21320171)
    ......all they want is a computer that works without them having to know too much about it......

    Isn't Apple advertising that Macs "just work"? Macs don't have this autorun "feature", so maybe because of that, they should be sued for false advertising.


  • Windows knows better than you do what should be done with a new drive. And if it doesn't, that's your tough schist. After all, you're not foolish enough to believe you actually own your computer once you've put Windows on it and connected to the Wild Wild Web? Your friendly global software megalomaniac "owns" it, and some pimply-faced teenager from East Slobodnia pwns it. Don't like that? Use another system....


    seriously - autorun (for ANY media - optical or other) should be one of those times when Windows puts up a dialog saying "I'm about to run the autostart program from this drive you just connected. Yes/No/Format?" Any "security" system worth its weight in used toilet paper should do that for you.

  • Re:Threadjack: WTF? (Score:3, Insightful)

    by Smidge204 ( 605297 ) on Monday November 12, 2007 @07:43AM (#21321723) Journal
    Solution? Ship the drives UNFORMATTED. No partitions or filesystems, no malware.

    Most brands ship that brain-dead "install software" anyway, which the clueless will install. Have that "Initialize" the drive for them. The ones smart enough to not install that crap software will be smart enough to format the drive themselves.
    =Smidge=

  • Re:We are to blame for China, not the corporations (Score:3, Insightful)

    by AHumbleOpinion ( 546848 ) on Monday November 12, 2007 @05:15PM (#21328145) Homepage
    I consider it rather dishonorable to ask people to buy your crap out of feelings of national pride when you can't be bothered to make products that are as good as the competition.

    I agree. I am not suggesting that one buy solely on a nationalistic basis. What I am arguing is that local products and services should be one important factor. Recall that the complaint in my original post was "our consideration of virtually nothing beyond price".

    I don't remember as well, but I imagine Japanese consumer electronics, particularly TVs, were better in many ways than their American counterparts during the time they were in competition.

    Your US auto industry example is fine, in that area there was a quality gap. While much of the blame goes to the corporations the unions deserve some responsibility as well. However with respect to consumer electronics it is not that simple. Unlike the auto industry, the switch to Japanese electronics began while Japanese products were low quality and low price.

Slashdot Top Deals

He has not acquired a fortune; the fortune has acquired him. -- Bion

Close