
Seagate Maxtor Basics Personal Storage 3200 external HDDs get hit with the Virus.Win32.AutoRun.ah virus

The hard disk drive (HDD) market is a relatively boring one. Sure, there are capacity increases in the mobile and desktop sectors every once in a while, but spindle speeds have stayed relatively the same -- HDDs don't exactly have the same sex appeal as quad-core processors or high-end graphics cards.

Seagate, however, is making news these days not for how fast or capacious its new drives are, but for what's included on them from the factory. Seagate is warning customers that a small batch of its 500GB Maxtor Basics Personal Storage 3200 external drives shipped with the Virus.Win32.AutoRun.ah virus. The company blames a Chinese sub-contract manufacturer for the problem.

"According to Kaspersky the virus is the Virus.Win32.AutoRun.ah, a molar virus that searches for passwords to online games and sends them to a server located in China," said Seagate in a posting on its website. "It also deletes other molar viruses and can disable virus detection software."

Seagate notes that the only English-language game that is affected appears to be World of Warcraft. The other games are Chinese-language titles.

According to Seagate, at least one drive was affected with the virus. PC World reports, however, that as many as 1,800 drives were infected.

Seagate urges customers who purchased a 500GB Maxtor Basics Personal Storage 3200 to scan the drive with antivirus software that has the latest virus definitions installed. For those who don't have antivirus software installed, Seagate provides a download link for a 60-day trial of Kaspersky Anti-Virus 7.0.
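A pre-scan triage sketch for a newly attached drive, added here as an example and not code from Seagate, Kaspersky or the article: it lists which programs an `autorun.inf` at the drive root would launch, without executing anything. It assumes the detection name refers to the Windows AutoRun mechanism; the sample file contents and all function names are constructed for illustration.

```python
import ntpath
import os

# [autorun] keys that name a program Windows may launch from the drive.
COMMAND_KEYS = ("open", "shellexecute")
RISKY_EXT = {".exe", ".com", ".pif", ".scr", ".bat", ".cmd", ".vbs", ".js"}
# Constructed sample contents, not taken from the affected drives.
SAMPLE_INF = '[AutoRun]\nopen=setup.pif\nshell\\explore\\command="tools\\run me.exe" /s\nicon=drive.ico\n'

def parse_autorun(text):
    """Return (key, command) pairs from the [autorun] section."""
    found, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # shell\<verb>\command entries add launchable context-menu items.
        if key in COMMAND_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            found.append((key, value))
    return found

def target_of(command):
    """Extract the program path from a command line, dropping arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(None, 1)[0] if command else ""

def triage_drive(root):
    """Report what autorun.inf at the drive root would launch, without running it."""
    inf = next((n for n in os.listdir(root) if n.lower() == "autorun.inf"), None)
    if inf is None:
        return []
    with open(os.path.join(root, inf), encoding="latin-1") as fh:
        entries = parse_autorun(fh.read())
    report = []
    for key, command in entries:
        target = target_of(command)
        on_disk = os.path.join(root, *target.replace("\\", "/").split("/"))
        report.append({"key": key, "target": target, "present": os.path.isfile(on_disk),
                       "risky_ext": ntpath.splitext(target)[1].lower() in RISKY_EXT})
    return report
```

Any entry returned is worth examining before the drive is opened in Explorer; an empty list only means no AutoRun entry was found, so the antivirus scan is still needed.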



Comments

Argh!!
By Chadder007 on 11/14/2007 8:42:55 PM , Rating: 5
China strikes again!!




RE: Argh!!
By Etern205 on 11/14/2007 8:45:36 PM , Rating: 3
Why am I not surprised?


RE: Argh!!
By gradoman on 11/14/2007 8:48:08 PM , Rating: 3
China, lol. What'll they screw up next?!


RE: Argh!!
By Master Kenobi (blog) on 11/14/2007 8:55:14 PM , Rating: 4
Well if you follow typical operations in Chinese manufacturing plants this is no surprise. Someone (likely a group of guys) was paid off by some MMO currency seller operation that's run in China (so many you can't count) and got them to pre-load this as part of the manufacturing process so it would be put on them probably right after the standard NTFS formatting. Happens all the time in China.

Lesson of Wisdom: Wipe all data bearing assets before you use them.


RE: Argh!!
By Etern205 on 11/14/2007 10:37:45 PM , Rating: 2
I had a friend who bought a player from China and found out there was a virus because his virus scanner detected it. So instead of just deleting that infected file, he decided to format it. And after that the player stopped working.
lol


RE: Argh!!
By mcnabney on 11/14/2007 11:06:55 PM , Rating: 2
MP3 player?

Format = no player software, go figure?


RE: Argh!!
By Master Kenobi (blog) on 11/15/2007 8:02:35 AM , Rating: 3
Well you can generally re-flash an mp3 player in most instances. The firmware is available on the web.


RE: Argh!!
By mindless1 on 11/15/2007 4:38:17 PM , Rating: 2
Probably not a matter of flashing it but that it has an incompatible filesystem and/or missing crucial files now, preventing it from finishing booting so there's no way to reformat (or owner can't figure out the right format).

The player manufacturer/seller/brand may have a util that can help, or it could be that a firmware installer app also readies and/or corrects the flash partition too.


RE: Argh!!
By howi on 11/16/2007 4:07:12 AM , Rating: 2
I hope I've got some of you wrong but please read my quote from ComputerWorld.com (scroll down a few posts) and you'll find that the infected drives are coming from THAILAND, rather than China. Then the payload will send stolen data to two Chinese domains.

Screw up? Strikes the world? Yes, the crooks in China screw YOU up if you happen to get those infected drives without scanning them or properly prepping them.

Welcome to the new morning of cyber-crime, while yesterday we've got Russian mafia working with the spam king-pin in Florida!


RE: Argh!!
By kileil on 11/14/2007 9:49:19 PM , Rating: 4
Notice how the housing looks suspiciously like lead?

I'm buying one of these for the bastard kid down the street.


RE: Argh!!
By sapiens74 on 11/15/2007 4:29:04 PM , Rating: 2
Bahaha


RE: Argh!!
By herrdoktor330 on 11/14/2007 10:20:35 PM , Rating: 3
I'm betting it's some kid that works at the outsourced center that wants to start his side business of selling gold and loot on eBay. Very clever. Lame. But clever.


Seagate...
By daftrok on 11/14/2007 8:57:23 PM , Rating: 2
Seems like ye ol' seagate be lettin' in them Trojan ships from ye ol' Orient....arrrrrr....




RE: Seagate...
By fk49 on 11/14/2007 9:06:21 PM , Rating: 3
Hey, they're just here to help you store more porn. No problem with that.


RE: Seagate...
By JonnyDough on 11/14/2007 10:29:18 PM , Rating: 2
If that's the case who cares if you have a virus pre-installed or not? If you're surfing porn you'll probably end up with it anyway.


RE: Seagate...
By Christopher1 on 11/14/07, Rating: 0
RE: Seagate...
By Master Kenobi (blog) on 11/15/2007 8:03:36 AM , Rating: 2
It's the free porn that generally has it, not the paid stuff. But thanks for sharing.


RE: Seagate...
By ThisSpaceForRent on 11/15/2007 8:27:11 AM , Rating: 3
If it wasn't for porn, where would the Internet and virus protection be without it? Wasn't porn the first service you could buy on the Internet?


RE: Seagate...
By mindless1 on 11/15/2007 4:51:09 PM , Rating: 2
You could buy software, and many viri were distributed over bulletin boards as software. Viri don't depend on porn; it's just one of the more popular lures, but actually less effective because porn files aren't EXEs in most cases and there aren't many player exploits.


RE: Seagate...
By mindless1 on 11/15/2007 4:44:45 PM , Rating: 2
There are three types of porn sites in this regard:

1) Legit Business operating like they sell a product with responsible actions, or at least looking for repeat customers if illegal content.

2) Shady biz selling a product that looks for extra income from trying to push spyware or more illegal password/financial scavenger malware.

3) Sites where they might gladly take money for porn but their core reason for having porn is to draw you to the site so they can browse-by infect as many people as possible. Same applies to many fake warez sites.


RE: Seagate...
By daftrok on 11/14/2007 11:03:50 PM , Rating: 2
Ahh ye damsels flow through ye ol' seagate more than ye mom does....arrrrr....


RE: Seagate...
By shaggeo68 on 11/14/2007 10:26:02 PM , Rating: 2
lol....nicely put. Great accent you have, there!


RE: Seagate...
By Ringold on 11/14/2007 10:36:29 PM , Rating: 5
I was flipping past History Channel on the way to CNBC the other day, and paused as I saw a special on modern piracy.

You wouldn't believe it if I told you, but it's actually a serious, and huge, problem! No, bass fishermen off the coast of Florida aren't getting teeth pulled out for their gold fillings, but along Africa, the Mid East, and particularly South East Asia, it's a daily problem.. potentially thousands of attacks on the high seas per month.

The worst apparently came out of China for a little while; then the Chinese cracked down, executed a bunch without a trial, and now they've moved on down the coast a ways.

Really advanced operations.. Moles inside the docks that leak manifests and shipping schedules; entire multi-million dollar container ships disappear, all the latest weapons and electronic gadgets.

Nobody says much because admitting it would be bad for business, and they can't do much about it because in some places the police and coast guard moonlight as pirates themselves! Some carry hired mercenaries, but boarding parties can be 70-80+!

Apparently this all really got kicked off when we and the Soviets stopped running our routine Cold War naval patrols..

http://www.history.com/shows.do?action=detail&epis...

Flying at low altitude over the Caribbean is asking to run afoul of the multitude of drug runners, I knew that much, but not about the resurgent modern-day Blackbeards.


Organized Crime
By grath on 11/14/2007 9:07:35 PM , Rating: 3
With any luck this incident will lead policy makers and law enforcement to start taking the "gold selling" phenomenon and related activities more seriously. For too long it's been regarded as a joke or at the worst a nuisance and inconvenience, leaving it up to game developers to make futile attempts to slow it down and refusing to put into place any legal mechanisms to combat it. In reality it's little different from any other criminal organization that systematically takes advantage of a vice to gain profit. They set up their companies that hide across foreign borders to avoid legal action, they run sweatshop operations that exploit poor lower class workers, they trick people into revealing their passwords and then proceed to steal from them, both in-game and through real life identity theft, and now they're infiltrating hardware subcontractors to plant viruses. People have probably been murdered to protect these operations or over typical 'turf wars' between organizations. How far must it go before people start to actually care?




RE: Organized Crime
By rudy on 11/14/2007 11:40:43 PM , Rating: 2
I think if game devs really cared they would just make it so the game code did not allow for trading among players. Case closed, now you can only buy accounts. And I don't know about WoW but make it so you pay 10$ per player rather than just access and you can make as many accounts as you want. But honestly Blizzard probably makes more money off the farming script clients in China than it does the whole rest of the world. So they have no incentive to really stop it. I think the best step is for Blizzard to just sell the merchandise directly and get the cash themselves.


RE: Organized Crime
By darkpaw on 11/15/2007 9:11:22 AM , Rating: 2
While gold selling in any MMO is a bane, for many players the economy is just as much of the game as anything else. WoW's economy is already oversimplified, allowing no trading whatsoever would be far worse than damage inflicted by gold sellers.


Decisions, decisions
By jtemplin on 11/15/2007 11:48:31 AM , Rating: 2
Unofficial poll:

Would you prefer:

A. Your new HDD containing a virus

or

B. Upon opening the box, your new HDD is actually ceramic tiles

Tough one, I know, so sound off! =P




RE: Decisions, decisions
By mindless1 on 11/15/2007 4:47:59 PM , Rating: 2
The answer is easy, we'd want a HDD with a virus because any sane Windows user doesn't have autorun enabled, and would not start running mystery EXEs found on a hard drive otherwise.


Chinese spy on Taiwan?
By howi on 11/15/2007 2:22:59 AM , Rating: 3
According to ComputerWorld.com, Taiwan authorities blamed mainland China for such "attack"...

Update: Maxtor drives contain password-stealing Trojans
Seagate confirms infection during drive assembly, but says no indication of spying by Chinese authorities


Gregg Keizer

http://www.computerworld.com/action/article.do?com...

November 12, 2007 (Computerworld) -- Seagate Technology LLC has shipped Maxtor disk drives that contain Trojan horses that upload data to a pair of Chinese Web sites, the Taiwanese government's security service warned this weekend.

The Investigation Bureau, a part of the Ministry of Justice that's responsible for both internal security and foreign threats, said it suspected mainland China's authorities were responsible for planting the malware on the drives at the factory. "The bureau said that the method of attack was unusual, adding that it suspected Chinese authorities were involved," a story posted by the English-language Taipei Times reported Sunday. "Sensitive information may have already been intercepted by Beijing through the two Web sites, the bureau said."

Seagate confirmed today that some Maxtor Basics 3200 drives were infected out of the box, but the company said it had no proof that the Chinese government was involved. "We discovered that a contract manufacturer had introduced a virus onto the drives during assembly," said Forrest Monroy, a Seagate spokesman, in an e-mail. "We have no indication, nor any reason to believe, that there is any government involvement in the virus issue."

According to the newspaper, about 1,800 Seagate-made drives left a Thailand facility with a pair of Trojan horses preinstalled. The two Trojans, said the Investigation Bureau, "phone home" to a pair of Web sites hosted in Beijing and report all data recorded on the compromised drive. Seagate, however, countered that the only data captured by the on-disk Trojans and sent to the Chinese Web sites were game-related passwords.

Internet records show that both sites -- www.nice8.org and www.we168.org -- were registered with XinNet.cn, one of China's largest domain registrars. Much of the registration information, however, including the contact name and mailing address, appears to be bogus.

The Investigation Bureau identified the infected drives as 500GB models and has demanded that the Taiwanese distributor pull all units from shelves. Of the 1,800 drives reportedly malware-equipped, 1,500 have been removed from the sales channel. The remainder had already been sold.

Seagate claimed that as soon as it discovered the infections, it put a "stop ship" order on all units leaving the factory. "The drives leaving the facility are [now] clean," Monroy said. But because some infected drives are in customers' hands, Seagate will post a 60-day trial version of Kaspersky Labs' antivirus software on its Web site. Users should scan any suspected Basics 3200 drive for the malware, Monroy advised. "Seagate apologizes for any inconvenience this may have caused our customers," he added.

This is not the first time that the government of mainland China -- the People's Republic of China -- has been accused of cyberspying or other computer hacks and attacks. Two months ago, it was fingered for hacks on U.S. military networks, and in May a U.S. Defense Department report said that China has beefed up its own armed forces' first-strike cyberattack capabilities.




By InternetGeek on 11/14/2007 10:29:56 PM , Rating: 2
That looks so weird...




Yes China does strike again.
By Smilin on 11/15/2007 12:01:25 PM , Rating: 2
How long until we figure out this isn't accidental?




By littleprince on 11/15/2007 11:51:14 AM , Rating: 1
Because Americans have never had problems with manufacturing? Or anyone else in the world?

This can happen to anyone and any company.




Wow
By RjBass on 11/14/07, Rating: -1
RE: Wow
By RjBass on 11/14/07, Rating: -1
RE: Wow
By Ringold on 11/14/07, Rating: -1
lol
By Joz on 11/14/07, Rating: -1