Trojan Found In New HDs Sold In Taiwan

GSGKT writes "About 1,800 brand new 300-GB or 500-GB external hard drives made for Maxtor in Thailand were found to have trojan horse malwares pre-installed (autorun.inf and ghost.pif). When the HD is in use, these forward information on the disk to two websites in Beijing, China: www.nice8.org or www.we168.org. The article implies that authorities believe the Chinese government is behind the trojans. A later article pins down the point of infection to a subcontractor company in China. A couple of months back the Register was reporting on pre-installed malware detected on Maxtor disks sold in the Netherlands. This earlier report was downplayed by a Seagate spokesman." The more recent Taipei Times article says that Seagate admits the problem on its Web site, but a search there turns up nothing.

Same

[renegadesx]

Lead in paint, malware in HD's same thing really

Thank goodness for Chinese manufacturing

[JewGold]

I mean, so what if there's a trojan that steals my identity and turns my computer into a botnet node? So what the materials it's comprised of let off poisons that will kill me and my whole family? I saved $6 on this baby!

Re:How would that even work

[myc]

not for external USB drives that are already pre-formatted with a FAT32 filesystem. Plug it in and go! your box is pwn3d.

Re:Obilgitory HOSTS comment:

[NeverVotedBush]

Excellent suggestion and I hope you get modded informative.

There is a blacklist website that had the www.nice8.org site listed a while back (I serched in mine before entering it) but the we268 site wasn't in there and still isn't.

The URL to the hosts blacklist file: http://www.mvps.org/winhelp2002/hosts.htm [mvps.org] This really speeds up browsing too as a lot of the tracking sites get blocked.

that said..

[QuantumG]

Try putting this in your autorun.inf:

[autorun]
shell\silly=You're silly
shell\silly\command=calc.exe
shell=silly

now remove and reinsert the USB device. Hmm.. nothing happens.. how strange. Go to My Computer and double click on I: (or whatever your drive is mapped to) and what happens? Yeah, calc.exe is run. Thanks Microsoft.

You may now flame away.

Re:Can't trust hardware anymore?

[M. Baranczak]

It's also seems fishy that much sensitive information (of relevance to a foreign government) could be obtained from randomly putting trojans on hard drives... Isn't it possible that this was an unintentional infection from some disk-handling or testing machine along the line?

How do you know it was random? Let's say they have a specific target in mind, and they know what sort of hard drives the target uses, and which supplier he gets them from. They infect a whole container load of disks which is bound for that supplier. Whoops, they overdid it - now some unrelated hacker wound up with one of those things, noticed the shenanigans and published them on the net.

Although the second scenario (the boring one) is a lot more likely.

... May not be as simple as it seems

[JeanBaptiste]

Why would the Chinese government do something so obvious? And the drives were sold in Taiwan? Given the relationship between the Chinese and the Taiwanese... it seems more like this was _meant_ to be found in order to destabilize the Taiwan economy more than to do any sort of real information gathering... if the Chinese government wanted to gather information I'm sure they could and would be far more covert than this... and compared to the other systems they surely have in place this is nothing.....

This is not as simple as it seems I think but instead is meant to be discovered in order to produce reactions similar to many of the posts I have read so far

Just a guess tho, but there's more going on here than is in this story

Re:First off...

[Doctor Memory]

I would be spooked by an already formatted drive (don't they ship blank?)

According to my Solaris box, yes, they do. At least, I've never been able to just install a new drive and do anything with it before I partitioned it and laid down a file system.

Re:Not a trojan

[tftp]

A hard disk is mostly... hardware. There's a little software in it, even in a good, uninfected unit

Two cases here. First, you got an external USB HDD. It often contains lots of software. I have a Seagate USB/FireWire HDD, it comes with FreeAgent backup and configuration software. I bought the software with the HDD unit, they are one set. I would be an idiot if I format the HDD first.

Another case is when you get an internal HDD that is supposed to be unformatted. But you don't know if it is or isn't - not before you install it into your Windows box and power it up. If the HDD is blank, as it should be, then you need to format it, and all is well. However if it is already formatted for you and contains something, Windows has no way of knowing why it is so, and it will treat it as any other removable drive - namely, will read the autorun.inf and proceed running all the viruses in the world that the drive may contain, all that before you even realize that something is wrong.

In either case, if your antivirus finished loading by this time it may save you, if it is good enough. But I recall some recent review that claimed that a typical antivirus fails to catch as many as half of the viruses.

Re:Thank goodness for Chinese manufacturing

[Opportunist]

1:1.46 to the Euro now. It's getting really scary, if my former boss at the bank is right, at 1.50 we'll see global economy start to shake. At 1.70 we'll be partying like it's 1929.

Re:We are to blame for China, not the corporations

[ScrewMaster]

I realize that you are merely repeating a popular but false meme, so please do not think I'm being harsh with you personally.

What you're trying to say is "vote with your wallet." We are decades past that having any effect and I'll tell you why.

Remember one thing: consumers are the end of the supply and manufacturing chain. Products don't appear out of thin air, even simple items are the result of a long succession of manufacturing processes. Many years ago, the Japanese deliberately used predatory pricing (i.e. dumping) to attack domestic manufacturers of a wide array of electronic components. Once they successfully eliminated our own sources of supply for those critical components, they began to move up the supply chain until they were selling directly to the end user (hello, K-mart shoppers!) This happened long before China came on the scene: the last television set made in America was sold decades ago. In effet, the Japanese systematically destroyed our ability to make the most basic components of consumer electronic devices. Once that was accomplished, the rest of those markets belonged to them, because any remaining domestic producers were entirely dependent upon Japan for their raw materials. From the consumer's perspective, none of this was remotely obvious until suddenly the old, familiar "Made in the U.S.A" label became hard to find. By the time that happened, the domestic manufacturers were long gone. It's insidious, and our government was supposed to be on the lookout for such destructive activity (we have laws against it), but in this regard the Federal Government has failed ... miserably. Matter of fact, they aided and abetted the enemy. Isn't corruption wonderful?

China is just finishing the job, because they are much larger than Japan and can operate on a much vaster scale. They have attacked everything from textiles to electronics. All the great textile factories in the U.S. are lying fallow now, all their machine tooling gone ... sold for pennies on the dollar to China. Do you realize that we no longer have the ability to clothe ourselves? Get used to last year's styles if China decides it's time to put the screws to us for real. Don't give those old clothes to Goodwill or the Salvation Army, 'cause you'll probably need them yourself.

The sad fact is that we've been completely hollowed out, all the way from raw materials processing down the line to finished goods. Can this be reversed? Can America return to being a major industrial power? At this point I'd give a qualified "Yes", but only if Congress gets off its fat collective corrupted ass and fixes a few things so that American companies can begin to compete again. I don't see that happening in the near future: Congress is perfectly aware that they are not going to be subject to the looming economic disaster that the rest of us are facing.

thems is fightin words

[slew]

Taiwan is the country that is a part of China

I think many folks in Taiwan would have an issue with this statement.

A quick history lesson. The aborignal people of taiwan are actually connected to the other oceania aborignes (e.g. native of the other islands like the philippines, malaysia, and indonesia). The mainland Ming and Qing dynasties (pre-cursors to modern china) never really considered the island as part of their "middle kingdom".

Meanwhile, the Dutch that colonized the island which they called Formosa (which is now Taiwan) to use as their base to trade with Japan. This was managed by the Dutch East India Company (Spain briefly tried to hone in on the island, but were driven out by the Dutch).

Eventually, the conflicts that led to the formation of modern china, spilled over to the island. Koxinga, a Ming dynasty warlord/general/rebel (born in japan to a mother who was japanese and a Ming dynasty general) overthrew the dutch on Formosa to establish a base for Ming dynasty rebels that wanted to re-take over the Qing dynasty. This event has historically been cited by the chinese as their historic claim over the island, but it seems no more valid than the Dutch claim which is basically moot (since as we know possesion is more than 9/10 of international law).

Of course the Japanese eventually defeated the Chinese in the Sino-Japanese war and the Qing ceded Taiwan to Japan as part of the Treaty of Shimonoseki. Japan basically occupied Taiwan until the end of WWII.

During the resolution of WWII and the Japanese surrender, basically, Japan was forced to give up all the territories that it gained all the way back from the end of WWI from the Republic of China which included the island of Formosa. The decision of who the territories should fall to were left up for the final Treaty of Peace with Japan which left the decision to the winners of WWII in the Pacific (basically the US, the UK and Soviet Union and the ROC).

Of course after WWII, this was all complicated as the Republic of China which was generally considered the KMT government at the time was overthrown by the People's Republic of China (Mao, etc) and the KMT government retreated and occupied Taiwan for many years claiming that they were still the KMT/ROC. That and the beginnings of the cold war power struggles led to the controversial Treaty of San Francisco which officially ended WWII in the pacific required that Japan cede Taiwan to one of the "winners" which due to a complicated set of circumstances, the ROC or the PRC were never specified (since they weren't invited to be part of the treaty because of the civil war at the time there was no agreement on who the government was).

In fact with some stretching, it's possible to conclude that the Treaty of San Francisco actually leaves Taiwan as an occupied territory of the United States (sort of like berlin was occupied by 4 powers at the end of the war in europe).

So it's actually debatable that Taiwan is even a country and if it is, if it is actually part of China or an independent country in it's own right...