Trojan Found In New HDs Sold In Taiwan 344
GSGKT writes "About 1,800 brand new 300-GB or 500-GB external hard drives made for Maxtor in Thailand were found to have trojan horse malwares pre-installed (autorun.inf and ghost.pif). When the HD is in use, these forward information on the disk to two websites in Beijing, China: www.nice8.org or www.we168.org. The article implies that authorities believe the Chinese government is behind the trojans. A later article pins down the point of infection to a subcontractor company in China. A couple of months back the Register was reporting on pre-installed malware detected on Maxtor disks sold in the Netherlands. This earlier report was downplayed by a Seagate spokesman." The more recent Taipei Times article says that Seagate admits the problem on its Web site, but a search there turns up nothing.
Can't trust hardware anymore? (Score:4, Insightful)
The increasing level of integration means that hardware is more and more of a black box. While this has led to huge savings in cost and performance boosts, we've paid for it by being unable to debug the hardware, and unsure of what's really going on inside.
While the case in the article talks specifically about a trojan horse installed normally on the drive -- and thus something that should have been remedied by a good formatting job -- who knows what could happen once we have vulnerabilities embedded directly into the hardware. One could certainly imagine a trojan that was hard-coded in the firmward and kept moving itself around the disc after attempts to delete it.
It's also seems fishy that much sensitive information (of relevance to a foreign government) could be obtained from randomly putting trojans on hard drives... Isn't it possible that this was an unintentional infection from some disk-handling or testing machine along the line?
--
Educational microcontroller kits for the digital generation. [nerdkits.com]
Not a trojan (Score:4, Insightful)
Maybe a format (Score:2, Insightful)
Vista (Score:1, Insightful)
Re:Not a trojan (Score:5, Insightful)
Something else like a... hard disk?
Re:Same (Score:2, Insightful)
Re:go go gadget china! (Score:2, Insightful)
What the hell was I thinking? American businesses that outsource to China are no better than spies and traitors themselves. For all the damage they do, they might as well be.
Re:Not a trojan (Score:2, Insightful)
If someone puts malware in a device I would willingly put in my computer without me employing security measures, I would consider that more true to the original source of the term.
Re:How would that even work (Score:3, Insightful)
Just more proof that autorun is insanely stupid (Score:5, Insightful)
First Hard Drives, then Motherboard BIOSes (Score:2, Insightful)
How will you know? How will you get rid of it, (I know flash the
BIOS, but maybe the BIOS doesn't want to be flashed.)
There's talk that the next war will be a cyberwar. I guess that's
better than the other kind, but these are some of the ways to do it
I'd say.
Re:Thank goodness for Chinese manufacturing (Score:3, Insightful)
Re:Thank goodness for Chinese manufacturing (Score:3, Insightful)
I don't know how much faith I have in this "new economy," which seems to be based on people selling overpriced houses to each other and getting further and further in debt.
possible scenarios (Score:2, Insightful)
We are to blame for China, not the corporations (Score:4, Insightful)
I realize you are merely repeating a popular but false meme so please do not think I am being harsh with you personally, it's the meme that I am being harsh with.
The notion that corporations are to blame for outsourcing to China is beyond naive. We the consumers, not the corporation are to blame! We have essentially forced corporations to outsource by our consideration of virtually nothing beyond price. Business is a Darwinian process. That first corporation that experimented with outsourcing was *rewarded* by consumers rather than punished. Corporations had little choice, jump on the outsourcing bandwagon or go out of business.
If you do not like outsourcing look at the labeling on packaging. Sometimes this requires a little extra effort. I needed a set of screwdrivers and in the regular tools section everything at the local Home Depot was an import. I accidentally found some manufactured in the USA elsewhere in a "professional tools" section. Maybe its not too late.
Re:First off... (Score:1, Insightful)
Troll Alert... (Score:5, Insightful)
That's the problem with Windows. It doesn't Just Work(tm). You have to know these cryptic menus to edit databases just to keep your new USB drive from running whatever application happens to be on it. Maybe one day Microsoft could start doing some real usability testing and get Windows to be as easy for a new user as Linux.
[/Troll]
Re:Just more proof that autorun is insanely stupid (Score:3, Insightful)
Isn't Apple advertising that Macs "just work"? Macs don't have this autorun "feature", so maybe because of that, they should be sued for false advertising.
Actually, "Just Work"ing is the problem here.... (Score:2, Insightful)
Windows knows better than you do what should be done with a new drive. And if it doesn't, that's your tough schist. After all, you're not foolish enough to believe you actually own your computer once you've put Windows on it and connected to the Wild Wild Web? Your friendly global software megalomaniac "owns" it, and some pimply-faced teenager from East Slobodnia pwns it. Don't like that? Use another system....
seriously - autorun (for ANY media - optical or other) should be one of those times when Windows puts up a dialog saying "I'm about to run the autostart program from this drive you just connected. Yes/No/Format?" Any "security" system worth its weight in used toilet paper should do that for you.
Re:Threadjack: WTF? (Score:3, Insightful)
Most brands ship that brain-dead "install software" anyway, which the clueless will install. Have that "Initialize" the drive for them. The ones smart enough to not install that crap software will be smart enough to format the drive themselves.
=Smidge=
Re:We are to blame for China, not the corporations (Score:3, Insightful)
I agree. I am not suggesting that one buy solely on a nationalistic basis. What I am arguing is that local products and services should be one important factor. Recall that the complaint in my original post was "our consideration of virtually nothing beyond price".
I don't remember as well, but I imagine Japanese consumer electronics, particularly TVs, were better in many ways than their American counterparts during the time they were in competition.
Your US auto industry example is fine, in that area there was a quality gap. While much of the blame goes to the corporations the unions deserve some responsibility as well. However with respect to consumer electronics it is not that simple. Unlike the auto industry, the switch to Japanese electronics began while Japanese products were low quality and low price.