Malware found on new hard drives

Here's an interesting story that I found in my inbox.  The Taipei Times is reporting that around 1,800 new 300GB and 500GB external hard drives manufactured by Maxtor shipped with malware on them.  What makes this story even more interesting is that Taiwanese authorities suspected that Chinese authorities were involved.

The bureau said that hard discs with such a large capacity are usually used by government agencies to store databases and other information.

Sensitive information may have already been intercepted by Beijing through the two Web sites, the bureau said.

The bureau said that the method of attack was unusual, adding that it suspected Chinese authorities were involved.

In recent years, the Chinese government has run an aggressive spying program relying on information technology and the Internet, the bureau said.

The bureau said this was the first time it had found that Trojan horse viruses had been placed on hard discs before they even reach the market.

But there's more to this story:

Following findings by the Investigation Bureau that portable hard discs produced by US disk-drive manufacturer Seagate Technology that were sold in Taiwan contained Trojan horse viruses, further investigations suggested that "contamination" took place when the products were in the hands of Chinese subcontractors during the manufacturing process.

...

Seagate did not disclose the stage in the manufacturing process where the Chinese subcontractor installed the Trojan horse.

Seagate recommended that all customers who had purchased the product install protective anti-virus software.

To this end, Seagate said that Kaspersky Labs would offer all Seagate customers a 60-day fully functional version of the Kaspersky Lab Anti-Virus 7.0 software for download and installation.

Now, malware can get into the manufacturing chain without the need for a subversive government plot and without more information it's hard to point fingers, but nonetheless, it's bad for Seagate/Maxtor.  No hard drive manufacturer wants to be found out to be shipping malware on drives.

However, there's a moral to this story.  Practice "safe sectors" and scan, or preferably wipe, all drives before bringing them into the ecosystem.  Don't assume that a drive is going to be blank and malware free.  Trust no one.  Same goes for USB flash drives - you never know what's been installed on them.

Thoughts?