fooligar

I was planning to buy a new hard disk this thanksgiving. I researched a bit and came across this.. Scary..


FOCUSED ATTACK: Large-capacity hard disks often used by government agencies were found to contain Trojan horse viruses, Investigation Bureau officials warned
By Yang Kuo-wen, Lin Ching-chuan and Rich Chang
STAFF REPORTERS
Sunday, Nov 11, 2007, Page 2

Portable hard discs sold locally and produced by US disk-drive manufacturer Seagate Technology have been found to carry Trojan horse viruses that automatically upload to Beijing Web sites anything the computer user saves on the hard disc, the Investigation Bureau said.

Around 1,800 of the portable Maxtor hard discs, produced in Thailand, carried two Trojan horse viruses: autorun.inf and ghost.pif, the bureau under the Ministry of Justice said.

The tainted portable hard disc uploads any information saved on the computer automatically and without the owner's knowledge to www.nice8.org and www.we168.org, the bureau said.

The affected hard discs are Maxtor Basics 500G discs.

The bureau said that hard discs with such a large capacity are usually used by government agencies to store databases and other information.

Sensitive information may have already been intercepted by Beijing through the two Web sites, the bureau said.

The bureau said that the method of attack was unusual, adding that it suspected Chinese authorities were involved.

In recent years, the Chinese government has run an aggressive spying program relying on information technology and the Internet, the bureau said.

The bureau said this was the first time it had found that Trojan horse viruses had been placed on hard discs before they even reach the market.

The bureau said that it had instructed the product's Taiwanese distributor, Xander International, to remove the products from shelves immediately.

The bureau said that it first received complaints from consumers last month, saying they had detected Trojan horse viruses on brand new hard discs purchased in Taiwan.

Agents began examining hard discs on the market and found the viruses linked to the two Web sites.

Anyone who has purchased this kind of hard disc should return it to the place of purchase, the bureau said.

The distributor told the Chinese-language Liberty Times (the Taipei Times' sister newspaper) that the company had sold 1,800 tainted discs to stores last month.

It said it had pulled 1,500 discs from shelves, while the remaining 300 had been sold by the stores to consumers.

Seagate's Asian Pacific branch said it was looking into the matter.

Hassun

Just buy one from another manufacturer.

__________________

Chiefblackhammer

What moron forgets to delete all partitions (if any), create new ones and format their hard drive before using it? No virus/Trojan is going to survive the nuking of the allocation table...so I don't see what the issue is unless your an idiot.

__________________

Legend

Generally you shouldn't even be able to use it right away when you first take it out of the box. You have to set the partition after if I remembered right.

__________________

aceman67

Legends right, I just got a Seagate 400gig SATA drive, and I had to format it before I could use it.

What probably happened was the Trojan's were on a hidden partition

__________________

Legend

So how do we protect ourselves?

__________________

aceman67

If it was Chinese Intelligence who did this, they probably only did it to a particular batch of drives that they knew would be bought by the US government, with only a small amount of them reaching the civilian market.

Low level formatting using a 3rd party partitioning software suite should do the trick. And now that this has reached public knowledge virus software suites will have definitions for the two infected files, so you should be ok. From what I got from the news artical was the trojans did nothing more then collect information and send it somewhere, so no harm was being done to your system other then your data being stolen.

__________________

Chiefblackhammer

While it is true that if you buy a few select external Hard Drives that they may be plug and play ready with the partitions already created and formatted (likely FAT32). But if you listen to what I said, anyone buying a new drive regardless of if it is internal or external should DELETE all partitions (if any) create new ones and then format the drive. No virus/Trojan can live through that. Thus anyone who goes through that process will never have to worry about this.

The only instance where the above would not help would be if the person installed a ROM chip on the drive which installed Trojan/virus every time the drive was powered on. BUT that is extremely hard to do in an environment where machines are automated and no human intervention to the drives at assembly is occurring. (The drives where infected with the virus/Trojan at the testing phase of the drives where humans do touch/handle them…people would notice you sitting off to the side soldering thousands of ROM chips on to the drives...when they are only suppose to be testing them.)

SO…Delete partitions (if any), Create new partions, Format Drive…!

__________________