Malware preinstalled on new hard drives
The Taipei Times is reporting that around 1,800 new 300GB and 500GB external hard drives manufactured by Maxtor shipped with malware on them. What makes this story even more interesting is that Taiwanese authorities suspected that Chinese authorities were involved.
“The bureau said that hard discs with such a large capacity are usually used by government agencies to store databases and other information. Sensitive information may have already been intercepted by Beijing through the two Web sites. That the method of attack was unusual, adding that it suspected Chinese authorities were involved. In recent years, the Chinese government has run an aggressive spying program relying on information technology and the Internet. This was the first time it had found that Trojan horse viruses had been placed on hard discs before they even reach the market.”
Now I’m not a security expert or anything like that, but doesn’t everyone format the hard drive before installing an OS on it? Of course you can use it just as a storage device, and in that case something like that would probably be possible…
Source: Cnet


Comments(50)
Yeah um, what the hell?
I would format my new HDD even if it were a storage device.
But still, what the hell?
Probably many people that buy external harddrives don’t even know what formatting is. Typically external drives come preformatted.
I just bought a new maxtor harddrive lol.
But I formatted it.
I even format flash drives, without looking, when they come pre loaded with mostly crappy shareware games.
in the past, there were pressed CDs with viruses on them. got your game, and a bonus virus.
Got 250GB Maxtor, about few years old…But I can’t remember if I formatted it or not… =P But I’ve got it in NTFS-format so don’t know if external drives in those days were already on it. Been thinking about getting a 500GB drive and if I do get it…DAMN! I will sure as heck format it from now on rofl.
The bureau said, the bureau said….. The bureau said, the bureau said what a boring read that extract was.
Ahh, i have a 500GB and i have NOT formatted it EVER. Its about a year old.
Im actually buying another one so ill format that one.
Re-formatting a hard-drive does not make it clean.
Files can still be recovered. If you want it brand-new clean, from the manufacturer [not Maxtor's, obviously]. Download WipeDrive PRO and follow the instructions.
What about viruses that infect MBR ? (master boot record)
I remember one very old virus called Kaczor that was doing this and it didn’t help even if you formatted the HDD.
So I guess it was something like that.
Well guys don’t just format HDD
I think you should also use some utilz to wipe the Boot Sector and MBR
I personally use only Hitachi (IBM) drives
can’t exactly say that a news source from taiwan is likely to be neutral towards china… but then, this doesn’t sound too unlikely either
Oh, btw: even better idea is to hide it in the Drive firmware.
Which antivirus is checking firmware of the drives ?!
So no formating or wiping helps in this case.
to Ozzy: so what? the only way to get rid of piracy is to get the rls grps, not ppl who dl and spread, that’s only the aftermath ;P
umm, lol, where did my post go?
The Chinese are not good people.
The Chinese are not good people.
Is that a sweeping generalisation, born of prejudice? Just wondering.
About time China got nuked!
On what basis would anyone here be scared if the chinese
saw what u were on to on the net. and even if it was hidden in bootsector/firmware a proper virus/firewall prog would detect any strange traffic on ur connection???
heck the chinaman dont scare me,i think the country and its
population is to big for any kind of proper administration,
but thats another story,point is they are just as good/bad as any of us.and 1500 hd’s sounds more like internal marked to me.
i found 2 illegal immigrants inside my new hard drive – i was furious! but i decided to keep them – they now take care of my garden and cooking – and it only costs me a cup of rice a day.
you didnt get rid of all of them martin, nuking china? paying immigrants with rice?
come on, those are bigoted fascist, discriminating stuff, which you didnt delete, so dont have a problem with. if i would say the same thing about jews for instance, would that be ok? nuke israel and pay jews with kosher meat? is that ok too?
be consequent.
post 14, The Chinese are not good people.
so if i say jews are not good people, would that be ok here too?
releaselog supports discrimination, racism, bigotry and hate against certain nations, races and religions, judging by the things they allow and the things they delete.
americans arent good people, nuke the usa, pay americans with mcdonalds junkfood. that should be allowed too.
It’s not because you’ve formatted it, that the ‘malware’ is deleted. So Maxtor is teh su_k
if you weren’t so quick to reach for the moral highground, you’d realise my post was a thinly veiled criticism of the exploitation of immigrant workers.
@8 bewb, rhymes with newb. Re-formatting DOES get rid of the data. You just have to do it several times consecutively after the first wipe. DoD (US) standard I believe is 35 wipes. I cannot remember how many passes though.
Recommended tool for everyone: Darik’s Boot and Nuke or you all can download Eraser from http://www.heidi.ie and it will come with it. Boot and nuke comes in ISO or Floppy format.
Have fun and don’t be stupid.
Hi,
well, formatting alone still would not be enough to allow a malware to be run.
there is a sector that would not be formatted using the standard tools.
I had also such a Maxtor disk.. was a 250GB unit, refurbished.
It didn’t boot correctly on my Gigabyte board, so I researched a bit and found out about it. I downloaded a tool then to delete that sector. From then on everything worked fine.
Basically you can load everything into that sector.. if you are good.
the tool I used was “s0kill.exe” … google for it if interested
HaHaHa… All i can say is “Write Zeros To The Drive”
I would prefer maybe this article to be written by a hard drive expert – it gives no real information how the virus gets on the HDD in the first place. To assume a working virus is installed on the HDD – well I would assume it would be installed with the bundled CD software. To have a virus installed ON the hdd it would first have to be partitioned, formatted, and a filesystem put on there and then, most likely to be read by a windows system (assuming it’s a windows filesystem) and then assuming someone would run a lone file from the new HDD. now, if it’s an MBR virus; correct me if i’m wrong but since you cannot put a whole OS onto an MBR, and just information about the partition tables and such I doubt it has intelligence to scan your hdd and send data over your ethernet card while your computer is off. Anyone else ? The evidence doesn’t make sense to me. And if it doesn’t make sense it’s probably not true.
the chinese people should be ashamed of their government, if i was chinese, i would not stand for this
Those Chinese bastards! And this is what happens when USA wants cheap labor. We let our enemy build our computers, toys, TV, etc, etc. And our enemy is slowly killing us with lead paint, tainted pet food, poison seafood food, and viruses to monitor our every moves – man, this is scary. China wanna take over the USA.
SEAGATE bought MAXTOR
first-maxtor is responsible for the final quality of the product
if they subcontract they still have to verify and approve the product
second-this sound like the mattel way of doing business-blame the subcontract
people will only remember this,and then send an apology saying your specs
were wrong to start with
third -Yang Kuo-wen,one of the journalists from the Taipei news that got the
article out–is on every blog known and is seeing a worldwide conspiracy
from china–sounds like a personal grudge to me
fourth–it has become a plan b-rules to blame the chinese for anything that
goes wrong in business..then deal with the real problem after.
Don’t think Microsoft doesn’t build in back doors and unlike Chinese made hard drives, you actually use Windows, with this code approved by the NSA.
China spies, just like every country.
The Chinese are 99% poor, so it’s NOT really a Chinese people’s issue, but rather like your own government, a political issue over power. And everyone knows in China, the people have NO rights, no say, no voice, except for what the Communist Party ideology proclaim.
If you think about it, when Mao died, had the U.S. not open China, when Nixon began investing in China, the Chinese people would have overthrown their leaders, because of failures one after another.
Now, the Communist Party uses the economic development, to hold on, as there is nothing else the evil party can offer it’s people.
Getting back to hard drives, these hard drives came from Thailand, which happens to be more and more under Communist Party control.
The other websites reporting back your information was not only Beijing, but also South Korea and yes, even Dallas in the United States…
I bet lots of readers didn’t know this, right?
got 2 chinese trojans up my arse & reformatting right now. i always believe they were greeks so you understand my surprise!
UK’s Serious Organized Crime Agency Demonstrates “Frightening Windows XP Hack” to Microsoft
http://www.news.com/Microsoft-exec-calls-XP-hack-frightening/2100-7349_3-6218238.html?tag=cd.lede
You guys really think the Chinese care about your measly lives? Taiwan wants their independence China doesn’t. China has missiles aimed at them if they were to talk about separation again they would rather wipe them out of the Pacific.
You guys must really think you’re important to think they care about what movies you’re watching. LOL
Even if you overwrite all “free space” 7 times you can still leave megabytes of data on a drive.
Disk drives contain a number of areas where data can hide from overwriting, including Host protected areas, Drive configuration overlays, and Re-mapped bad blocks.
Most businesses are purchasing larger hard drives, so by passing on this data back to Beijing, or your competition, you’re getting access to new innovation, secrets and policies, not just movies, or mp3 files as some seem to only think.
Getting access to networks is big business. It’s foolish to assume, that a large hard drive wouldn’t be used by the government or corporate employee.
As for China, you had better read Sunzi, the art of war.
@37 me
hey you–taiwan hosted the fleeing corrupted chinese government overthrown
by the revolution,,would be like cuba,welcoming the confederate army after
they lost,,,a situation created by the u.s policies at that time,so a problem
created by them.
plus the local original people and the japanese immigrants from when it was formosa
Reuters reported that it was a Seagate disk discovered in Taiwan, but the truth is, the Maxtor Basics 3200 (aka PS 3200) is available all over the world, and the infected lot made its way to many regions including China, Russia and the Middle East. Our source confirmed that the problem was discovered internally almost two months ago, and only boiled over last week when the Taiwanese government got mad at China.
all this talk bout chinese makin me hungry. mmmmmm kun pao chickennn….aaaaaaahhhhgggggggg!
About the myth that data can still be read off a hard drive unless it’s been overwritten 20+ times;
Yes, scientists working in high-tech labs using ridiculously expensive equipment have had some success at detecting magnetic patterns of data that has been overwritten, but such things are well outside the means of the average hacker. It is also impossible for a standard hard drive to retrieve data that has been overwritten even ONCE.
If you don’t believe me, contact any professional data recovery service and tell them that you accidentally zero-filled the entire drive. Make sure that you tell them that the data was only overwritten ONCE. Ask them how much it will cost to recover the data from such a drive. They’ll tell you that it can’t be done. Why would they turn down the opportunity to charge people obscene amounts of money for recovering the data, unless it can’t be done outside of the CIA?
And if normal hard drives were capable of reading data that had been overwritten even once, don’t you think that hard drive companies would be using this ability to make drives that could store twice as much?
It’s true that there might be some data on the drive that a format will miss, however that same data would likely be missed by one of those “secure erase” programs. Once data has been overwritten a single time, for all intents and purposes, it’s GONE.
the usa is tracking every move of their citizens, taking away their rights, putting them in jail for downloading pron etc and you guys worry about some malware on a chinese harddisk? LOOOL!, fools. look at your own fascist government first, then point fingers after you have solved your problem.
With today’s hard drives it’s so easy to leave some data hidden (about 1-10Gb) and accessible only by the firmware, then a trojan could store sensitive data to “later appreciation”.
And no format or wipe will erase such data…
If it’s alright for the yanks to do I don’t see a problem with China doing it.
China for the world superpower, you never know – they may be eying out the terrorist nation of Kazakhstan *lol*
sounds like a conspiracy theory to me…
the fact that it wasn’t reported anywhere else also rings alarm bells
finally, there are actually no sources quoted or referenced other than the ministry of justice… not a tech company or a information gathering agency like the CIA or FBI, but more like your local police enforcement ring
it sounds like either over-zealous local enforcers, conspiracy theorists, or a mix of the two…
of course, its possible that it’s true… but then, its also possible that the US gov’t is using satellites to read people’s minds and the only way to stop them is to wear tinfoil hats…
Formatting is useless, once the computer recognizes the drive, the virus has already installed.
Your computer must recognize your drive before you can format it, don’t you ?
Formatting is useless
“DoD (US) standard I believe is 35 wipes. I cannot remember how many passes though.”
Not quite. It’s not a simple format, formatting removes the file table entries. The DoD level wipe (which is the same as the Canadian version) is at least 10 passes, but it’s not simply formatting, it’s zeroing out the drive.
It formats. Fills the entire drive with 1’s, formats, does it again. For each pass the drive is formatted and filled.
After 5 passes only someone with real skillz and equipment / software can recover your data, after 10 passes it’s gone as every spot on the drive has been wiped / filled 10 times.
The one we occasionally use here is called “DSX” and is used by the RCMP. Extremely slow of the highest (DoD) standard but if you are paranoid completely safe.
Are drives shipping already formatted and partitioned now? The last 4 external drives I purchased (320g, 2×500g, 200g) were all blank drives that needed to be partitioned right off the bat.
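
The MBR points raised in the comments above (whether a format touches the master boot record, and what sector 0 can actually hold) can be checked on a captured sector image. The following is an added example, not part of the original post or its comments: it splits a 512-byte sector 0 into its 446-byte boot code area, four partition entries and signature, and hashes the boot code so two captures can be compared. The sample sectors and helper names are constructed for illustration, and the reformat is modelled as a change to the partition entry only.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446          # bootstrap code area of a classic MBR
ENTRY_LEN = 16               # four partition entries follow the boot code

def inspect_mbr(sector: bytes) -> dict:
    """Split sector 0 into boot code, partition table and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    boot_code = sector[:BOOT_CODE_LEN]
    partitions = []
    for i in range(4):
        off = BOOT_CODE_LEN + i * ENTRY_LEN
        entry = sector[off:off + ENTRY_LEN]
        status, ptype = entry[0], entry[4]
        start_lba, count = struct.unpack_from("<II", entry, 8)
        if ptype != 0:       # type 0x00 marks an unused slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "start_lba": start_lba, "sectors": count})
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "boot_code_blank": not any(boot_code),
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "partitions": partitions,
    }

def make_sample_sector(boot_code: bytes, ptype: int) -> bytes:
    """Build a constructed sector 0 with one partition starting at LBA 2048."""
    entry = bytes([0x00, 0, 0, 0, ptype, 0, 0, 0]) + struct.pack("<II", 2048, 1_000_000)
    table = entry + bytes(3 * ENTRY_LEN)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table + b"\x55\xaa"

def boot_code_changed(before: bytes, after: bytes) -> bool:
    """True if the boot code differs between two captures of sector 0."""
    return (inspect_mbr(before)["boot_code_sha256"]
            != inspect_mbr(after)["boot_code_sha256"])

# Constructed data: identical non-blank boot code, partition type changed from
# 0x0B (FAT32) to 0x07 (NTFS), modelling a reformat that edits only the table.
FACTORY = make_sample_sector(b"\xeb\x3c\x90CONSTRUCTED-BOOT-CODE", 0x0B)
REFORMATTED = make_sample_sector(b"\xeb\x3c\x90CONSTRUCTED-BOOT-CODE", 0x07)

if __name__ == "__main__":
    print(inspect_mbr(FACTORY))
    print("boot code changed by reformat:", boot_code_changed(FACTORY, REFORMATTED))
```

A data-only external drive has no need for boot code, so a non-blank boot code area on a new drive is worth comparing against a known-good hash before the drive is put into use.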