backtop

Print E-mail del.icio.us 36 comment(s) - last by howi.. on Nov 16 at 4:07 AM
Seagate Maxtor Basics Personal Storage 3200 external HDDs get hit with the Virus.Win32.AutoRun.ah virus

The hard disk drive (HDD) market is a relatively boring one. Sure, there are capacity increases in the mobile and desktops sectors every once in a while, but spindle speeds have stayed relatively the same -- HDDs don't exactly have the same sex appeal as quad-core processors or high-end graphics cards.

Seagate, however, is making news these days not for how fast or capacious their new drives are; but for what's included on them from the factory. Seagate is warning customers that a small batch of its 500GB Maxtor Basics Personal Storage 3200 external drives shipped with the Virus.Win32.AutoRun.ah virus. The company blames a Chinese sub-contract manufacturer for the problem.

"According to Kaspersky the virus is the Virus.Win32.AutoRun.ah, a molar virus that searches for passwords to online games and sends them to a server located in China," said Seagate in a posting on its website. "It also deletes other molar viruses and can disable virus detection software."

Seagate notes that the only English-language game that is affected appears to be World of Warcraft. The other games are Chinese-language titles.

According to Seagate, at least one drive was affected with the virus. PC World reports, however, that as many as 1,800 drives were infected.

Seagate urges customers that purchased a 500GB Maxtor Basics Personal Storage 3200 to scan the drive with antivirus software that has the latest virus definitions installed. For those that don't have antivirus software installed, Seagate provides a download link for a 60-day trial of Kaspersky Anti-Virus 7.0.

Comments     Threshold


This article is over a month old, voting and posting comments is disabled
Argh!!
By Chadder007 on 11/14/2007 8:42:55 PM , Rating: 5
China strikes again!!




RE: Argh!!
By Etern205 on 11/14/2007 8:45:36 PM , Rating: 3
Why am I not surprised?


RE: Argh!!
By gradoman on 11/14/2007 8:48:08 PM , Rating: 3
China, lol. What'll they screw up next?!


RE: Argh!!
By Master Kenobi (blog) on 11/14/2007 8:55:14 PM , Rating: 4
Well if you follow typical operations in chinese manufacturing plants this is no surprise. Someone (likely a group of guys) was paid off by some MMO currency seller operation thats run in China (so many you can't count) and got them to pre-load this as part of the manufacturing process so it would be put on them probably right after the standard NTFS formatting. Happens all the time in China.

Lesson of Wisdom: Wipe all data bearing assets before you use them.


RE: Argh!!
By Etern205 on 11/14/2007 10:37:45 PM , Rating: 2
I had a friend who bought a player from China found out there was a virus cause his virus scanner detected it. So instead of just deleting that infected file, he decided to format it. And after that the player stopped working.
lol


RE: Argh!!
By mcnabney on 11/14/2007 11:06:55 PM , Rating: 2
MP3 player?

Format = no player software, go figure?


RE: Argh!!
By Master Kenobi (blog) on 11/15/2007 8:02:35 AM , Rating: 3
Well you can generally re-flash an mp3 player in most instances. The firmware is available on the web.


RE: Argh!!
By mindless1 on 11/15/2007 4:38:17 PM , Rating: 2
Probably not a matter of flashing it but that it has an incompatible filesystem and/or missing crucial files now, preventing it from finishing booting so there's no way to reformat (or owner can't figure out the right format).

The player manufacturer/seller/brand may have a util that can help, or it could be that a firmware installer app also readys and/or corrects the flash partition too.


RE: Argh!!
By howi on 11/16/2007 4:07:12 AM , Rating: 2
I hope I've got some of you wrong but please read my quote from ComputerWorld.com (scroll down a few posts) and you'll find that the infected drives are coming from THAILAND, rather than China. Then the payload will send stolen data to two Chinese domains.

Screw up? Strikes the world? Yes, the crooks in China screw YOU up if you happen to get those infected drives without scanning it or properly prep them.

Welcome to the new morning of cyber-crime, while yesterday we've got Russian mafia working with the spam king-pin in Florida!


RE: Argh!!
By kileil on 11/14/2007 9:49:19 PM , Rating: 4
Notice how the housing looks suspiciously like lead?

I'm buying one of these for the bastard kid down the street.


RE: Argh!!
By sapiens74 on 11/15/2007 4:29:04 PM , Rating: 2
Bahaha


RE: Argh!!
By herrdoktor330 on 11/14/2007 10:20:35 PM , Rating: 3
I'm betting it's some kid that works at the outsourced center that wants to start his side business of selling gold and loot on eBay. Very clever. Lame. But clever.


Seagate...
By daftrok on 11/14/2007 8:57:23 PM , Rating: 2
Seems like ye ol' seagate be lettin' in them Trojan ships from ye ol' Orient....arrrrrr....




RE: Seagate...
By fk49 on 11/14/2007 9:06:21 PM , Rating: 3
Hey, they're just here to help you store more porn. No problem with that.


RE: Seagate...
By JonnyDough on 11/14/2007 10:29:18 PM , Rating: 2
If that's the case who cares if you have a virus pre-installed or not? If you're surfing porn you'll probably end up with it anyway.


RE: Seagate...
By Christopher1 on 11/14/07, Rating: 0
RE: Seagate...
By Master Kenobi (blog) on 11/15/2007 8:03:36 AM , Rating: 2
It's the free porn that generally has it, not the paid stuff. But thanks for sharing.


RE: Seagate...
By ThisSpaceForRent on 11/15/2007 8:27:11 AM , Rating: 3
If it wasn't for porn, where would the Internet and virus protection be without it? Wasn't porn the first service you could buy on the Internet?


RE: Seagate...
By mindless1 on 11/15/2007 4:51:09 PM , Rating: 2
you could buy software and much viri were distributed over bulletin boards as software. Viri don't depend on porn it's just one of the more popular lures, but actually less effective because porn files aren't EXEs in most cases and there aren't many player exploits.


RE: Seagate...
By mindless1 on 11/15/2007 4:44:45 PM , Rating: 2
There are three types of porn sites in this regard:

1) Legit Business operating like they sell a product with responsible actions, or at least looking for repeat customers if illegal content.

2) Shady biz selling a product that looks for extra income from trying to push spyware or more illegal password/financial scavenger malware.

3) Sites where they might gladly take money for porn but their core reason for having porn is to draw you to the site so they can browse-by infect as many people as possible. Same applies to many fake warez 'sites.


RE: Seagate...
By daftrok on