Trojan Found In New HDs Sold In Taiwan

GSGKT writes "About 1,800 brand new 300-GB or 500-GB external hard drives made for Maxtor in Thailand were found to have trojan horse malwares pre-installed (autorun.inf and ghost.pif). When the HD is in use, these forward information on the disk to two websites in Beijing, China: www.nice8.org or www.we168.org. The article implies that authorities believe the Chinese government is behind the trojans. A later article pins down the point of infection to a subcontractor company in China. A couple of months back the Register was reporting on pre-installed malware detected on Maxtor disks sold in the Netherlands. This earlier report was downplayed by a Seagate spokesman." The more recent Taipei Times article says that Seagate admits the problem on its Web site, but a search there turns up nothing.

Same

[renegadesx]

Lead in paint, malware in HD's same thing really

Re:

[Monsuco]

Lead in paint, malware in HD's same thing really

Except that pesky death part. Meh details.

Threadjack: WTF?

[Corwn of Amber]

autorun.inf and ghost.pif, yeah, right. Who still uses windows, AND has autorun enabled?
Answer : Everyone. Even geeks give up configuring Windows to that point after one hundred reinstalls. Or they give up on Windows already... Okay, "who does not reformat new HDs before use?"

Who buys Maxtor HDs anyway? Never had one that even lasted till the end of warranty, used 8 of those in under two years. And there are not enough hours in one year to make up for the order of magnitude between announced and effective MTBF. (168*52 = way less than "tens of thousands of hours".)

Not that I excuse them for dataraping their customers. The exec that ordered that should be put to a very slow and painful death. With the Maxtor engineering team. (If there even IS one.)

Re:

[Lennie]

The problem is most Windows users format the disk from within Windows.

Then the malware already automatically gets run.

Re:

[Smidge204]

Solution? Ship the drives UNFORMATTED. No partitions or filesystems, no malware.

Most brands ship that brain-dead "install software" anyway, which the clueless will install. Have that "Initialize" the drive for them. The ones smart enough to not install that crap software will be smart enough to format the drive themselves.
=Smidge=

Re:

[RuBLed]

I hate these scripts that utilizes autorun.inf. In my country they are so popular, everyone makes one, script kiddies! On the bright side, it could be easily removed most of the time.

The current (as of writing) Windows Secrets newsletter features an article that would let you at least prevent most kind of autorun.inf scripts from ever running in the first place. It would save me some trouble from all those college girls (errr.. I mean relatives) that gets infected by these sort of things all the time...

One [windowssecrets.com]

Oh, malware...

[Anonymous Coward]

By "Trojans Found In New HDs Sold In Taiwan", I thought they meant condoms.

(OK, who's the comedian? My catchpas is "durable".)

Re:Oh, malware...

[SeaFox]

By "Trojans Found In New HDs Sold In Taiwan", I thought they meant condoms.

That would suck. Imagine hundreds of geeks getting a box in the mail from NewEgg filled with a product you have no use for.

First off...

[explosivejared]

Anyone who doesn't wipe a new drive first off is just begging for this sort of thing. Secondly, I guess it's a new competition for Chinese manufacturers to see what's the worst secret addition to a product sent overseas. Lead in toys, GHB in toys, phone-homes on HDD's... what's next killer bees in new TV's... really. Consumerism bites!!

Re:

[corsec67]

In windows, wouldn't the HD be mounted before you can format it?

I know in most Linux distros a HD that isn't mentioned in fstab will not get mounted, but what about Windows?

I guess you have to boot from a LiveCD and format the disc to be sure.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:First off...

[timeOday]

Sssh! The shift key is a copy-protection circumvention measure of questionable legality!

Re:

[ozmanjusri]

A default install of XP will autostart (i.e, autorun.inf) any external drive when it's plugged in. In theory, a program shouldn't run automatically without user intervention. You should get that menu offering to play music, copy files etc.

In practice, it's easy to get an app to run invisibly. If someone is trojaning OEM drives, Microsoft's choice of defaulting to the insecure autorun mode means a lot of people will be infected.

Re:First off...

[colfer]

Overriding autorun can be done in the registry, so you don't have to remember to hold down the shift key. Does it work for USB hard drives? Probably. These are the notes I have.

Works for USB drives and CD-ROMS.
[2007/10, from:
http://www.mydigitallife.info/2006/09/11/disable-auto-run-and-auto-play-of-u3-smart-drives-launchpad/%5D [mydigitallife.info]

      1. Click Start -> Run.
      2. Type RegEdit in the Open text box, then press ENTER.
      3. In the Registry Editor, locate and click the following registry key:

            HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDRom
      4. Modify the value of the Autorun to 0 (zero) so that CD-ROMs and Audio CDs do not run and start automatically when inserted.
      5. Next navigate to the following registry subkey:

            HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
      6. Modify the value of the NoDriveTypeAutoRun entry to 0xb5 value to turn off the AutoRun feature for CD-ROMs by right-click NoDriveTypeAutoRun and then click Modify to type B5 in the Value data box. Select Hexadecimal, and then click OK.
      7. Quit Registry Editor.
      8. Restart your computer.

Troll Alert...

[Belial6]

[Troll]
That's the problem with Windows. It doesn't Just Work(tm). You have to know these cryptic menus to edit databases just to keep your new USB drive from running whatever application happens to be on it. Maybe one day Microsoft could start doing some real usability testing and get Windows to be as easy for a new user as Linux.
[/Troll]

Re:

[Jugalator]

OK, then use msconfig for a built-in autostart UI, if you must. :-p

Re:

[ozmanjusri]

use msconfig for a built-in autostart UI,

That won't work.

msconfig is a diagnostic tool for disabling programs which are loaded at boot time. It has nothing to do with autoloading CDs.

There is no built-in autostart ui. If you're scared of the registry, you can download TweakUI, but you'll still need to disable autostart on a drive-by-drive basis.

Re:Actually, "Just Work"ing is the problem here...

[Mister Whirly]

"seriously - autorun (for ANY media - optical or other) should be one of those times when Windows puts up a dialog saying "I'm about to run the autostart program from this drive you just connected. Yes/No/Format?" Any "security" system worth its weight in used toilet paper should do that for you.

Windows does this already. The first time you connect a drive or insert a CD/DVD, Windows first tries to determine the type of media (pictures, videos, data files, etc.) and presents a prompt asking you what you

Re:

[Just Some Guy]

MSS: (NoDriveTypeAutoRun) Disable Autorun for all drives (recommended) DWORD 0xFF

On behalf of every Linux user that's ever had to listen to Windows users making fun of /etc: <nelson>Ha-ha!</nelson>

Re:First off...

[Anonymous Coward]

>I'm not sure how Windows actually handles "mounting" behind the scenes

Simple. You install Windows, and feel as if you were being mounted by Ball-mer. With a chair.

Re:

[dotgain]

Or in my case, it tries to assign a driver letter, fails because there's already a drive using that letter, and says:

24 Volumes ought to be enough for anybody. Bet you never thought you'd run out of drive letter, huh?

Re:First off...

[networkBoy]

Um... I've always found it more convenient to mount drives as a subdir in windows, doubly so if you have tons of drives.
-nB

Nope

[The MAZZTer]

Default Windows settings would run the trojan once you plugged the drive in. To avoid this you either have to hold shift for an indeterminate amount of time while plugging the drive in, which can be difficult or impossible. With such a drive you're likely to use a more inaccessible port because you likely won't be needing to unplug it much. The only other alternative is to disable autorun for removable drives. This option is not available in the standard GUI and third party tools (or TweakUI) are needed

Whoops

[The MAZZTer]

Bah, right after I posted my comment I realized I wasn't thinking straight. Time for bed I guess. Ignore parent and imagine I typed this instead:

Default Windows settings would mount the drive and immediately parse autorun.inf. I'm not sure about running the trojan, but I think MS totally disabled the run part of autorun in Vista and maybe an XP update (instead you get a dialog which shows the autorun action as one of several options you can take including nothing, or opening the drive in explorer).

Not the only...think different

[djupedal]

"The only other alternative is to disable autorun for removable drives. "

Or... chassis it into an external FW/USB/SATA enclosure, cabled to a Mac & either reformat it for OS X & use... or wipe it and format it for a windows box.

Re:Nope

[LurkerXXX]

3rd party tools? Who needs 3rd party tools?

gpedit.msc

It's a windows GUI tool.

Computer Configuration > Click "Administrative Templates" > Click "System" > Double-Click "Turn off Autoplay", set it for "All Drives" and click the "apply" button.

Re:

[Datamonstar]

It could stay resident in memory.

Re:

[networkBoy]

Internal, external, whatever. Irrespective of the application I format any drive before use, additionally I would be spooked by an already formatted drive (don't they ship blank?)
-nB

Re:

[Doctor Memory]

I would be spooked by an already formatted drive (don't they ship blank?)

According to my Solaris box, yes, they do. At least, I've never been able to just install a new drive and do anything with it before I partitioned it and laid down a file system.

Re:

[MrAndrews]

Exactly! The TFA has a definite agenda... in reality, this is a competitive move by Maxtor [pttbt.ca]. You have to do extraordinary things to stand out in this global economy.

Re:

[uncoveror]

When I read that these drives were originally for government agencies, I suspected it might be Monkeypoo... VIRUS WARNING: Attention: Computer Labs Inc., makers of Virucide antivirus software have identified a highly dangerous new Trojan worm, MONKEYPOO. It will usually appear in an e-mail with the subject, "Congratulations.You have won!" it will then prompt you to click a link to collect your cash prize. It can also freely spread across networks. Monkeypoo will read your address book, and mail a copy of

It's a bargain!

[techmuse]

Most PCs ship without professionally produced malware installed. While everyone might *wish* that their PC came with such software, only a small percentage of customers are actually lucky enough to get their malware free of charge. Mac users, don't feel bad that your system won't come with it. You get iLife. :-)

Re:

[KPU]

Dell's worldwide market share may be 13% but that alone is more than "a small percentage of customers" who receive malware free of charge with a new PC.

It's times like this...

[fractoid]

...that I'm really glad I switched to Linux. :)

Re:

[Brian Gordon]

I just disabled Windows autorun and I'm equally safe.. *shrug*

Re:

[NeverVotedBush]

Sure you are. Keep telling yourself that...

Re:

[JackieBrown]

I'm sure most window users do this as well....

Re:It's times like this...

[ozmanjusri]

I'm equally safe

Only if you disabled NTLDR as well....

Re:

[ArcherB]

I just disabled Windows autorun and I'm equally safe.. *shrug*

I think the GP is implying that he doesn't have worry about things LIKE this.

An example I have would be a buddy of mine at work. He's a technician also, but not really a "geek". Anyway, he got a message from Time Warner the other day saying he was kicked off his cable Internet for sending out spam. Evidently, his desktop machine got infected. He said, "I don't get it. How did it get infected? I never use it. I always use my notebook. It's

Thank goodness for Chinese manufacturing

[JewGold]

I mean, so what if there's a trojan that steals my identity and turns my computer into a botnet node? So what the materials it's comprised of let off poisons that will kill me and my whole family? I saved $6 on this baby!

Re:

[sqrt(2)]

I stopped buying things made in China. It is possible. I've found that most things you could want to buy have an alternative made here in America, except maybe electronics and you can usually get ones made in Japan. I've been saying this to people for a long time, longer than the last six months when we've been hearing all these stories about poisoned Chinese products. Check the labels, shop around if you can. There are alternatives out there.

Re:

[Opportunist]

It's possible, but how many can? Let's face it, Chinese crap is cheap crap. And with many people just barely making enough money to live on, they can't be choosy. They have to buy what their budget dictates.

Re:

[JewGold]

Maybe part of the reason that people don't have enough to live on is that all the manufacturing jobs, which used to be the cornerstone of the American economy and middle class, are now in China.

I don't know how much faith I have in this "new economy," which seems to be based on people selling overpriced houses to each other and getting further and further in debt.

Re:

[Opportunist]

1:1.46 to the Euro now. It's getting really scary, if my former boss at the bank is right, at 1.50 we'll see global economy start to shake. At 1.70 we'll be partying like it's 1929.

Re:

[Brian Gordon]

Not after shipping from China!

Can't trust hardware anymore?

[compumike]

While the open source movement has done a great deal toward making software understandable, at some point, people have to trust their computers. However, this used to be a great deal easier, because engineers had a good idea of what could be done with a particular amount of circuitry.

The increasing level of integration means that hardware is more and more of a black box. While this has led to huge savings in cost and performance boosts, we've paid for it by being unable to debug the hardware, and unsure of what's really going on inside.

While the case in the article talks specifically about a trojan horse installed normally on the drive -- and thus something that should have been remedied by a good formatting job -- who knows what could happen once we have vulnerabilities embedded directly into the hardware. One could certainly imagine a trojan that was hard-coded in the firmward and kept moving itself around the disc after attempts to delete it.

It's also seems fishy that much sensitive information (of relevance to a foreign government) could be obtained from randomly putting trojans on hard drives... Isn't it possible that this was an unintentional infection from some disk-handling or testing machine along the line?

--
Educational microcontroller kits for the digital generation. [nerdkits.com]

Re:

[M. Baranczak]

It's also seems fishy that much sensitive information (of relevance to a foreign government) could be obtained from randomly putting trojans on hard drives... Isn't it possible that this was an unintentional infection from some disk-handling or testing machine along the line?

How do you know it was random? Let's say they have a specific target in mind, and they know what sort of hard drives the target uses, and which supplier he gets them from. They infect a whole container load of disks which is bound for that supplier. Whoops, they overdid it - now some unrelated hacker wound up with one of those things, noticed the shenanigans and published them on the net.

Although the second scenario (the boring one) is a lot more likely.

Not a trojan

[techmuse]

By the way, it isn't a trojan. A trojan is software that convinces the user to install it by looking like something else that the user might want to install. While this may certainly qualify as malware, it isn't a trojan.

Re:Not a trojan

[Megane]

A trojan is software that convinces the user to install it by looking like something else that the user might want to install.

Something else like a... hard disk?

Re:

[Jeff DeMaagd]

>>A trojan is software that convinces the user to install it by looking like something else that the user might want to install.

>Something else like a... hard disk?

A hard disk is mostly... hardware. There's a little software in it, even in a good, uninfected unit, but that's called firmware. One doesn't buy a hard disk for that firmware.

Re:Not a trojan

[tftp]

A hard disk is mostly... hardware. There's a little software in it, even in a good, uninfected unit

Two cases here. First, you got an external USB HDD. It often contains lots of software. I have a Seagate USB/FireWire HDD, it comes with FreeAgent backup and configuration software. I bought the software with the HDD unit, they are one set. I would be an idiot if I format the HDD first.

Another case is when you get an internal HDD that is supposed to be unformatted. But you don't know if it is or isn't - not before you install it into your Windows box and power it up. If the HDD is blank, as it should be, then you need to format it, and all is well. However if it is already formatted for you and contains something, Windows has no way of knowing why it is so, and it will treat it as any other removable drive - namely, will read the autorun.inf and proceed running all the viruses in the world that the drive may contain, all that before you even realize that something is wrong.

In either case, if your antivirus finished loading by this time it may save you, if it is good enough. But I recall some recent review that claimed that a typical antivirus fails to catch as many as half of the viruses.

Re:

[malvidin]

Although I agree with your definition of a trojan, I have to say that this is a trojan as well.

If someone puts malware in a device I would willingly put in my computer without me employing security measures, I would consider that more true to the original source of the term.

Re:

[Waffle Iron]

Computer <-> Troy

SATA connector <-> City gate

Disk drive <-> Big wooden horse

Autorun file <-> Greek soldiers

Its a classic Trojan Horse.

[Marrow]

Something physical brought behind your defenses that attacks you un-awares.

How would that even work

[Paul Carver]

Do they have some mechanism for surviving the intial format or is this a complete hoax? Even assuming the drive is installed in a Windows computer, isn't the first step always to format the drive? I've added lots of drives to Windows machines and it never occured to me to try to access them without formatting them. Do these come preformatted?

As to the reference about these drives being used for government databases, certainly they would be reformatted when added to a RAID, wouldn't they? Even if preformatte

Re:How would that even work

[myc]

not for external USB drives that are already pre-formatted with a FAT32 filesystem. Plug it in and go! your box is pwn3d.

Re:

[totally bogus dude]

Autorun can definitely run exe's, that's its main purpose. That's how the installer automatically starts up when you insert a game or application CD. It's possible that the exe needs to be signed or something, but it's more likely that whatever program you were using simply "did it wrong".

Don't forget that you can also disable autorun permanently, rather than having to remember to hold shift every time you insert a disc.

Re:

[Chris Pimlott]

There's more to it in this case. Windows does not autorun executables for USB drives, presumably as a security measure. The way that U3-enabled flash drives get around it is by having a special controller and a read-only area that presents itself to Windows as a CD-ROM drive, for which the OS allows autorun. So in case you were ever wondering, yes, there is a difference between U3 flash drives and normal ones, it's not just branding.

Re:

[Chris Pimlott]

I found a short bit about USB autorun on Microsoft's site [microsoft.com]:

Q: What must I do to trigger Autorun on my USB storage device?
The Autorun capabilities are restricted to CD-ROM drives and fixed disk drives. If you need to make a USB storage device perform Autorun, the device must not be marked as a removable media device and the device must contain an Autorun.inf file and a startup application.

The removable media device setting is a flag contained within the SCSI Inquiry Data response to the SCSI Inquiry command [wikipedia.org].

Talk about security...

[Opportunist]

The Autorun capabilities are restricted to CD-ROM drives and fixed disk drives.

Is MS also going to tell us how this is a feature on HDs? I can see it in CDs. I could even see it in USB drives. But in hard disks? Where's the point in an autorun feature on a hard drive?

Re:

[QuantumG]

Yeah, you're wrong. Do this..

1. insert a usb drive, let's say it is mounted to I:
2. edit I:\autorun.inf with a text editor (for example, notepad) and put:

[autorun]
open=calc.exe
action=Run Calculator

3. copy c:\windows\system32\calc.exe to I:
4. remove the usb drive
5. reinsert the usb drive

Windows will pop up a dialog that says:

Windows can perform the same action each time you insert a disk or connect a device with this kind of file:

Program

What do you want Windows to do?

Run Calculator
using the program on the device

Open folder to view files
using Windows Explorer

Take no action

[] Always do the selected action

You can make the action say "Open folder to view files" and you can even make the icon look similar, but Windows will always say that helpful "using the program on the device" and it w

that said..

[QuantumG]

Try putting this in your autorun.inf:

[autorun]
shell\silly=You're silly
shell\silly\command=calc.exe
shell=silly

now remove and reinsert the USB device. Hmm.. nothing happens.. how strange. Go to My Computer and double click on I: (or whatever your drive is mapped to) and what happens? Yeah, calc.exe is run. Thanks Microsoft.

You may now flame away.

Re:

[shaka]

They're external drives. They almost always come preformatted (FAT32), usually with some (autorun) software installed.

Re:

[petermgreen]

I've added lots of drives to Windows machines and it never occured to me to try to access them without formatting them. Do these come preformatted?
In my experiance bare drives don't but drives ready mounted up in USB caddies do.

Sure you could reformat it to remove stuff but by the time you get to the format screen you are probablly already infected.

Re:

[Megane]

Do they have some mechanism for surviving the intial format or is this a complete hoax?

What "initial format"? If you buy this drive and install it, preformatted with the trojan, Windows will see it as already formated and mount it, then autorun the malware. Moments later, the human who doesn't notice it's already formatted goes slowly (to a computer) to the disk format utility. By the time the format begins, the damage has already been done.

I will admit that I have noticed that sometimes brand new drives are already formatted, but then I immediately reformat them as HFS+ volumes. Next time

Re:

[CastrTroy]

Wrong, the trojan is not set to autorun, the computer is set to autorun. The trojan just contains files that means it will be autorun if the computer is set to do so. There's a difference here. I don't know how anybody ever thought that having computers automatically run executable programs without any user intervention was a good thing, but personally, I can't see how computers are still configured by default to run any drive you hook up to them.

Maybe a format

[virtualnz]

maybe a format of the drive when its purchased will fix. Or because its malware does this mean its going to be embedded into the hardware? It goes to show that we can't even rely on our hardware now without some big "brother" sending information back.

Re:

[totally bogus dude]

My impression is that they're just regular files pre-loaded on it, so reformatting will work. Provided of course you don't plug it in to a Windows PC with auto-run enabled in order to format it.

I wonder if one day we will see drives that have malware embedded in the controller that can't ever be erased? Maybe it's possible for them to detect "initial connection and probing by Windows" by waiting for a certain sequence of commands, and only expose the malware then. If you look at the drive later, or use a

Obilgitory HOSTS comment:

[killmofasta]

Please add to your host files:
127.0.0.1 www.nice8.org
127.0.0.1 www.we168.org

Re:Obilgitory HOSTS comment:

[lordofthechia]

Why not take some initiative.You can block the sites, or you can send them what they want! DATA! Send them lots of data, format it like it was sent with the virus and have fun coming up with a random assortment of websites to include in it (sure we could thing of a couple).

So why ignore when you can use up their bandwidth and screw up their database. Just an idea.

Re:

[NeverVotedBush]

Excellent suggestion and I hope you get modded informative.

There is a blacklist website that had the www.nice8.org site listed a while back (I serched in mine before entering it) but the we268 site wasn't in there and still isn't.

The URL to the hosts blacklist file: http://www.mvps.org/winhelp2002/hosts.htm [mvps.org] This really speeds up browsing too as a lot of the tracking sites get blocked.

Re:

[ColdWetDog]

There is a blacklist website that had the www.nice8.org site listed a while back (I serched in mine before entering it) but the we268 site wasn't in there and still isn't.

I think we Slashdotted it. They're not responding.

Re:Obilgitory disable autorun comment

[Technician]

Please add to your host files:
127.0.0.1 www.nice8.org
127.0.0.1 www.we168.org

Be sure to put them in the upstream router. Autorun may compromise the system.. DUH it's a trojan. Since the affected drives are portable drives, it is very important to disable autorun as well as block the sites upstream of the compromised machine.
   

Re:

[IgnoramusMaximus]

Please add to your host files:
127.0.0.1 www.nice8.org
127.0.0.1 www.we168.org

You bastard! I did and that unsavory host at 127.0.0.1 (isn't the 127.x range like the dark back-alleys of the Intertubes?) infected me with a nasty trojan, probably because it has like a million gajigabytes of completely illegal, pirated contents on it!! A veritable pirate hive, that! I hold you pesonally responsible for directing us, pure, innocent Slashdotters to it!

Liar!

[Opportunist]

127.0.0.1 is MY computer! Say that again and I sue you for slander, I'm not spreading malware!

(The scary part is that I'm not so convinced I couldn't find a judge who wouldn't allow that suit...)

Re:

[Wingnut64]

127.0.0.1 is MY computer!

That's amazing! I've got the same IP on my luggage!

But who's affected?

[r_jensen11]

The summary doesn't state who is at risk here. For all I know, these could be hard drives for servers. I suppose the files autorun.inf and ghost.pif hint that it's targeting Windows. Would this also be a security issue if someone attempted to execure those files within Wine or Parallels?

Seagate admits it

[Camael]

The more recent Taipei Times article says that Seagate admits the problem on its Web site, but a search there turns up nothing.

Untrue. The Seagate article can be found here: http://www.seagate.com/www/en-us/support/downloads/personal_storage/ps3200-sw/ [seagate.com]
So this is not a hoax, after all.

Re:

[ColdWetDog]

Well that link throws a 404 error. Searching for "Trojan" on the Seagate site just gave me a couple of links to a Terms of Use agreement. I just didn't have the heart to explore that concept further.

It could be worse

[Tribbin]

I once bought a computer with Windows preinstalled.

It was meant to benifit the customer

[edwardpickman]

They figured it was a time saving feature that would save bandwidth for the buyer having the Trojans preinstalled.

Just more proof that autorun is insanely stupid

[0123456]

Why oh why does Microsoft still automatically run software off any disk that's inserted into your PC? Surely decades of floppy-carried virii should have convinced them of what a frigging stupid idea that is?

Re:

[Shados]

It does? When I put a disk in my PC, it -asks- me if I want to run the auto-run, or if I wanna do something else with it...

Re:

[arminw]

......all they want is a computer that works without them having to know too much about it......

Isn't Apple advertising that Macs "just work"? Macs don't have this autorun "feature", so maybe because of that, they should be sued for false advertising.

Lenovo

[DustyShadow]

So if the Chinese government is willing to do this with just hard drives, it makes me wonder what they are putting on Lenovos.

I think ...

[PPH]

... the makers of third party malware should sue. Having OEM malware preinstalled is going to drive them out of business eventually.

Perhaps the EU can take up their case.

First Hard Drives, then Motherboard BIOSes

[shoor]

What happens when they put malware in the BIOS on your motherboards.
How will you know? How will you get rid of it, (I know flash the
BIOS, but maybe the BIOS doesn't want to be flashed.)

There's talk that the next war will be a cyberwar. I guess that's
better than the other kind, but these are some of the ways to do it
I'd say.

More Info on the Worm

[essinger]

The article doesn't state it but this seems to be the worm W32.Drom. [symantec.com] Symantec rates the threat as Very Low with 0-49 total infections. Take that with however many grains of salt you wish.

Re:

[Opportunist]

Any AV company can only rate any kind of malware by the amount of samples they encounter through their various sources, which usually include spam or webpages. Hard drives usually are not on their detector network.

I'd take that number with a quite unhealthy dose of salt. Most likely Symantec got a sample from somewhere (a customer, their cooperation with other AV researchers) but didn't encounter any samples through their detectors (well, how would they if that trojan is distributed in ways they cannot dete

... May not be as simple as it seems

[JeanBaptiste]

Why would the Chinese government do something so obvious? And the drives were sold in Taiwan? Given the relationship between the Chinese and the Taiwanese... it seems more like this was _meant_ to be found in order to destabilize the Taiwan economy more than to do any sort of real information gathering... if the Chinese government wanted to gather information I'm sure they could and would be far more covert than this... and compared to the other systems they surely have in place this is nothing.....

This

Re:

[NeverVotedBush]

And China still openly considers the USA to be an enemy. Why manufacturers subject themselves to these liabilities I'll never... Oh wait - they make more money even if they kill children with GHB overdoses, cripple their brains with lead, or export National secrets and financial data to China.

What the hell was I thinking? American businesses that outsource to China are no better than spies and traitors themselves. For all the damage they do, they might as well be.

We are to blame for China, not the corporations

[AHumbleOpinion]

American businesses that outsource to China are no better than spies and traitors themselves.

I realize you are merely repeating a popular but false meme so please do not think I am being harsh with you personally, it's the meme that I am being harsh with.

The notion that corporations are to blame for outsourcing to China is beyond naive. We the consumers, not the corporation are to blame! We have essentially forced corporations to outsource by our consideration of virtually nothing beyond price. Business is a Darwinian process. That first corporation that experimented with outsourcing was *rewarded* by consumers rather than punished. Corporations had little choice, jump on the outsourcing bandwagon or go out of business.

If you do not like outsourcing look at the labeling on packaging. Sometimes this requires a little extra effort. I needed a set of screwdrivers and in the regular tools section everything at the local Home Depot was an import. I accidentally found some manufactured in the USA elsewhere in a "professional tools" section. Maybe its not too late.

It's bad beyond a joke - so time for one

[dbIII]

I accidentally found some manufactured in the USA elsewhere in a "professional tools" section

In Australia we get a lot of professional tools from the USA. They end up managing telecommunications and other technology companies. I ask you citizens of the United States for the good of the reputation of your country to keep those managers who are complete tools within your borders, cut off their cocaine supply and put them to work sweeping floors somewhere where they can not do much damage with their remaining brain cells.

Re:

[ScrewMaster]

I realize that you are merely repeating a popular but false meme, so please do not think I'm being harsh with you personally.

What you're trying to say is "vote with your wallet." We are decades past that having any effect and I'll tell you why.

Remember one thing: consumers are the end of the supply and manufacturing chain. Products don't appear out of thin air, even simple items are the result of a long succession of manufacturing processes. Many years ago, the Japanese deliberately used predatory pri

Re:

[AHumbleOpinion]

I consider it rather dishonorable to ask people to buy your crap out of feelings of national pride when you can't be bothered to make products that are as good as the competition.

I agree. I am not suggesting that one buy solely on a nationalistic basis. What I am arguing is that local products and services should be one important factor. Recall that the complaint in my original post was "our consideration of virtually nothing beyond price".

I don't remember as well, but I imagine Japanese consumer ele

Re:

[corsec67]

Were they "Sold in Taiwan" and "Made in Thailand"?
That would be consistent with the headline and summary, but they could also be very wrong.

Re:

[night_flyer]

from TFA

"Around 1,800 of the portable Maxtor hard discs, produced in Thailand, carried two Trojan horse viruses: autorun.inf and ghost.pif, the bureau under the Ministry of Justice said."

Re:

[Tuoqui]

What a coincidence... My brother's new computer shipped with this malware too!

thems is fightin words

[slew]

Taiwan is the country that is a part of China

I think many folks in Taiwan would have an issue with this statement.

A quick history lesson. The aborignal people of taiwan are actually connected to the other oceania aborignes (e.g. native of the other islands like the philippines, malaysia, and indonesia). The mainland Ming and Qing dynasties (pre-cursors to modern china) never really considered the island as part of their "middle kingdom".

Meanwhile, the Dutch that colonized the island which they called Formosa (which is now Taiwan) to use as their base to trade with Japan. This was managed by the Dutch East India Company (Spain briefly tried to hone in on the island, but were driven out by the Dutch).

Eventually, the conflicts that led to the formation of modern china, spilled over to the island. Koxinga, a Ming dynasty warlord/general/rebel (born in japan to a mother who was japanese and a Ming dynasty general) overthrew the dutch on Formosa to establish a base for Ming dynasty rebels that wanted to re-take over the Qing dynasty. This event has historically been cited by the chinese as their historic claim over the island, but it seems no more valid than the Dutch claim which is basically moot (since as we know possesion is more than 9/10 of international law).

Of course the Japanese eventually defeated the Chinese in the Sino-Japanese war and the Qing ceded Taiwan to Japan as part of the Treaty of Shimonoseki. Japan basically occupied Taiwan until the end of WWII.

During the resolution of WWII and the Japanese surrender, basically, Japan was forced to give up all the territories that it gained all the way back from the end of WWI from the Republic of China which included the island of Formosa. The decision of who the territories should fall to were left up for the final Treaty of Peace with Japan which left the decision to the winners of WWII in the Pacific (basically the US, the UK and Soviet Union and the ROC).

Of course after WWII, this was all complicated as the Republic of China which was generally considered the KMT government at the time was overthrown by the People's Republic of China (Mao, etc) and the KMT government retreated and occupied Taiwan for many years claiming that they were still the KMT/ROC. That and the beginnings of the cold war power struggles led to the controversial Treaty of San Francisco which officially ended WWII in the pacific required that Japan cede Taiwan to one of the "winners" which due to a complicated set of circumstances, the ROC or the PRC were never specified (since they weren't invited to be part of the treaty because of the civil war at the time there was no agreement on who the government was).

In fact with some stretching, it's possible to conclude that the Treaty of San Francisco actually leaves Taiwan as an occupied territory of the United States (sort of like berlin was occupied by 4 powers at the end of the war in europe).

So it's actually debatable that Taiwan is even a country and if it is, if it is actually part of China or an independent country in it's own right...