Malware found on new hard drives

Malware found on new hard drives

Summary: The Taipei Times is reporting that around 1,800 new 300GB and 500GB external hard drives manufactured by Maxtor shipped with malware on them. What makes this story even more interesting is that Taiwanese authorities suspected that Chinese authorities were involved.

SHARE:
66

Here's an interesting story that I found in my inbox.  The Taipei Times is reporting that around 1,800 new 300GB and 500GB external hard drives manufactured by Maxtor shipped with malware on them.  What makes this story even more interesting is that Taiwanese authorities suspected that Chinese authorities were involved.

The bureau said that hard discs with such a large capacity are usually used by government agencies to store databases and other information.

Sensitive information may have already been intercepted by Beijing through the two Web sites, the bureau said.

The bureau said that the method of attack was unusual, adding that it suspected Chinese authorities were involved.

In recent years, the Chinese government has run an aggressive spying program relying on information technology and the Internet, the bureau said.

The bureau said this was the first time it had found that Trojan horse viruses had been placed on hard discs before they even reach the market.

But there's more to this story:

Following findings by the Investigation Bureau that portable hard discs produced by US disk-drive manufacturer Seagate Technology that were sold in Taiwan contained Trojan horse viruses, further investigations suggested that "contamination" took place when the products were in the hands of Chinese subcontractors during the manufacturing process.

...

Seagate did not disclose the stage in the manufacturing process where the Chinese subcontractor installed the Trojan horse.

Seagate recommended that all customers who had purchased the product install protective anti-virus software.

To this end, Seagate said that Kaspersky Labs would offer all Seagate customers a 60-day fully functional version of the Kaspersky Lab Anti-Virus 7.0 software for download and installation.

Now, malware can get into the manufacturing chain without the need for a subversive government plot and without more information it's hard to point fingers, but nonetheless, it's bad for Seagate/Maxtor.  No hard drive manufacturer wants to be found out to be shipping malware on drives.

However, there's a moral to this story.  Practice "safe sectors" and scan, or preferably wipe, all drives before bringing them into the ecosystem.  Don't assume that a drive is going to be blank and malware free.  Trust no one.  Same goes for USB flash drives - you never know what's been installed on them.

Thoughts?

Topics: Malware, Hardware, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

66 comments
Log in or register to join the discussion
  • The moral is

    Don't outsource components that run business and other important things to countries such as China that do this type of thing. Once it is found out their contract should be pulled and no business should deal with these companies.

    There should be a multi billion dollar lawsuit brought against these companies. This is just as bad if not worse then what Sony did with its root kits.
    Doink
    • AND...

      Always ZERO out your hard drive after the initial install, be it as a backup
      drive or installing an OS. Helps to wipe the drive clean and mark any bad
      sectors so the OS will not attempt to write data there.
      NoPumpGas
    • Don't start pointing figures too quickly, bro...

      Go read the news on taipei times. There is no evidence that the Chinese authority did it. It is sounds more like a political slander, given the strained relationship across the strait. Upload 500G's content over the network from taiwan to beijing is a nightmare. I am also wondering what kind of OS does the taiwanese government use in their data center? If they use windows and have an IT department that doesn't format hard drives before use, they deserve to have their ass kicked.

      Last year, there were news about new ipod shipped with virus. This is probably the same story: manufacture's computers are infected.
      nrfool
      • The story

        The story actually had me not only thinking of this issue but also of the paint they are putting on the toys our children play with, I also mentioned that anyone that does this should have their contracts pulled and people should not deal with them until they get their junk straight.

        It is also another reason to format the hard drive out of the box which I tend to do anyway, its just ridiculous that it may hurt a production system or company network because someone throws one of these drives on your network, or you get one of these parts from a vendor and now your network is compromised.
        Doink
      • Read the article

        THe author says, Seagate did an internal investigation, there was not a full 500 G's on the drive, Malware could be as small as 200k. Read the artcle before you fly off the handle. It has already been proven elsewhere that the Chinese Goverment is involved in widespread virus's and hacking, not just in this article. You talking about a country that provides that largest amount of counterfit goods in the world,not to mention medicines and unsafe food products that are killing people.
        terrencehealy@...
    • The moral is

      China has been a barrel of wild monkeys lately! Lead Paint, bad toys, Trojans on HD's.... maybe it's time to buy Made in America, Canada, Mexico, and Australia.
      aussieblnd@...
      • The only problem is...

        US manufacturers have all outsourced the manufacturing to - you guessed it - China (and other places) - where the price of labor is dirt cheap (relatively speaking). If we were to be forced to buy something made in the USA, the price of the same hardware would be MUCH more expensive given US workers demand a decent wage, EXPENSIVE benefits, and perks that cost money that gets passed on to consumers.
        Wolfie2K3
        • it's not the labor

          Of course, our labor is more than the Chinese. It, howver, is foolish to think that this would be the reason for high prices. It is the corporations and their penchant for higher profits each quarter that is driving prices up.

          I not saying they should not be looking for profits, but they want the rate of profit to rise each quarter or the CEO get fired (with a multi million severance.)

          Labor is a part of the picture, but not the biggest one.
          ramuno
          • I'm outspoken with this, but...

            I've always felt that the highest executive in the US (the President of the United States) is either underpaid or all the others (running corporations) are vastly overpaid. If corporations really wanted to see their profits fly without ripping the consumer, they'd cut the hell out of the multi-million dollar salaries and billion-dollar benefits packages for the CxOs out there. Same goes for 99% of the athletes out there. They're vastly overpaid and are arrogant beyond endurance.

            However, it is also quite apparent that the security at these manufacturing plants bites the big one, or the contamination of the HDDs would not be possible. Time to bring the factories back to the States, folks. Like, now?
            Raymond Danner
          • Prices and profits

            Its high time the consumers realised that they have the power to do something about all this gross profiteering. In their never ending quest for more profits companies forget that they have a duty to their customers as well as their shareholders. They should take smaller salaries instead of the obscene figures they take home every year, and they should take a fair profit which would allow them to keep the jobs in their own countries as well as making these products affordable. I for one do not buy anything made in these countries for these reasons and also because the companies do not pass on their savings to the customers. The wanton greed never ends until we do what must be done i.e. If they are not selling anything then their greedy profiteering ends. Remember, money is highly portable, you can spend it anywhere.
            bill.andersen@...
          • you betcha

            well of course, it's not like OUR government would do things to spy on us...........
            mikeandmax@...
      • made in u.s.a.?

        i tried to find an esspreso maker not made in china, i'm still looking! buying american is a nice try, but you won't find much thanks to places like wal-mart and macy's.
        gscrivner7@...
        • Wrong

          You won't find it, because the vast majority of consumers want things that cost less. If consumers were willing to pay the premium for 100% American made products, they'd be made and sold.

          If they did, clothes would be made here instead of 3rd world countries.
          notsofast
          • No Not alway's

            The factory that I worked in for 12
            years was here in the U.S . We sold
            the products and paid the workers a
            good wage! But they had to move over
            seas because Wally World kept making
            orders for a few million parts of a
            of a product and then after the order
            was all but done and shipping they
            would come in and tell you that you
            had to lower the price or they would
            cancel the order. This is where you
            saw the adds on TV showing you how
            they had lowered the price of the item
            that you where buying!
            It is company's like this that drove
            most U.S working company's out of the
            country.

            Another thing, company's that make
            these part make a 50 to 70 % profit on
            every product that they make, and they
            have to do this every year and keep it
            the same to keep the stock holders
            happy.
            We can and did make product here in
            the U.S while paying a very good wage,
            but when a company can go over sea's
            and make up over 100% profit on each
            part of the product then they will,
            And do!
            Just look at the new Apple Ipad,
            they are making right at 50% profit on
            each one.
            Now I am not saying that it is wrong
            for a company to make the best in
            money that it can for it's product,
            But there has to be some sense put
            back into the market or it will just
            get worse.
            ie, just look at what has transpired
            the last two and one half years.

            This type of actions we are seeing
            out of China will not stop anytime
            soon either. And the only thing that
            can be done is for people in each
            country to stop buying anything that
            is made there. Then things will start
            to change.
            Because as it is now no one in any
            government will pass a law that lowers
            the amount of profit a company can
            make by being over sea's.
            At least in till we stand up and say
            NO!
            And I do not see this happening
            anytime soon.
            Daedalu
  • Few do

    I have to convert to ext3 anyway, whatever format if comes with (probably fat32), with a full format always done, however, the general consumer, no way. There are millions of wide open hotspots, customers plug the wireless router in, hey, I'm on the internet and happily (and obliviously) surf wide open for snoopers. Same happens with any drive/device. Plug it in, "hey, it just worked" and that's the end of it.

    Given the story, they should probably come unformatted, WiFi boxes should come closed, etc, but that could lead to "hard to use".

    TripleII
    TripleII-21189418044173169409978279405827
    • Ext3

      I always reformat my hard drives, always have, even when I was a windows user.
      tracy anne
    • Would formatting the drive be enough?

      I'm wondering if they somehow borked the solid state components of the drive mechanism itself or if formatting would be enough to wipe it?

      This seems like a big risk for very little gain. It might be going to a government office, it might also be holding some dude's p0rn. You'd think a government with the resources of the Chinese could do better.

      Another thing that should be bothering people but hardly anyone seems to care about is that volumes of data on every American citizen is conveniently sitting on servers in India, China, Singapore, Pakistan and Romania. Or, even if it's here, there still might be an outsource partner in one of those countries running the server. Your prescription meds, medical history, phone records, credit card purchases, bank records..a treasure trove of information. You think foreign governments are not going to help themselves? Building dossiers on every person they do business with, every elected official, trade representative, ambassador, consulate staff...hey, look here, one of the consulate staff has a gambling problem and likes Asian escorts. A gold mine for foreign intelligence services.

      Imagine going to negotiate a business deal and the person on the other side of the table asks how your wife is getting along after her recent surgery and if that Amoxicillin is working for you. Oh, and it looks like your girlfriend just charged another $3,000.00 on her Macy's card. Expect her to ask for more money.
      Chad_z
      • yes, it's scarey, but

        If i knew i was being spied upon, i would slur the pot with a whole lot of misleading or useless information, perhaps to cause a favorable reaction (ie, make china buy google for $500M+).

        the typical repressive government's response is repression,sterilization and if necessary, spin control.

        The "open press" government uses spin control and bombardment
        Spin control whitewashes the event, while bombardment overloads the media with other useless info (superstar did ...? , 29% of car thefts occur on Thursdays or Fridays - pick any 2 days). We get "teabagged" while conspiracies brew.



        So, spy on me and you get all my spam, (I'll even send the filtered stuff), lots stuff only of water pistol toting environmentalists, computer geeks only care about crap to filer through before reaching my $100-- debit card account or my plans to take over the planet.

        God of Silicone, I wish I knew how to reformat my bios, cpu, cell phone and the toaster.
        sagetumbleweed@...
  • USB drives

    My son recently gave me a USB flash drive that he bought from Best Buy with their 'Geek Squad ' logo on it. He said it was acting wierd and losing info. I ran a virus scan and found a root kit installed on the USB drive and a failed root kit installation on his hard drive. the only reason it failed was the OS was x64 and this was designed for a 32 bit OS. After I reformatted it the problem went away but it still has a separate propriety partition that I have been unable to access or format. What is on this partition and who owns it? I certainly can't trust this drive that was made in China.
    yagijd
    • Try this

      Insert the infected HDD into an 'external' drive. Plug drive into 'host' computer-(DO Not Open Files)! Scan 'guest' drive with your AV. (I use Vista Ultimate w/OneCare). This should 'isolate' the 'malware'.(at this point you can extract files that you want to save - reinsert them later (I save them to DVD)). Next run 'malicious software removal tool'. Format drive while still conected to the host. I have used this method many times with great success. Happy Trails!

      Muj
      Mujibahr