Update: Maxtor drives contain password-stealing Trojans

Gregg Keizer   Today’s Top Stories   or  Other Storage Stories  

A Roundtable Discussion on File Management Getting the Most from DFS Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management Symantec Backup Exec" System Recovery 8.5: The Gold Standard in Complete Windows System Recovery Fast and Simple Recovery of Your Critical Microsoft® Applications with Symantec Backup Exec" Breaking through the Dissimilar Hardware Restore Challenge Virtual Reality SCSI Inflection Point: The New Era of Serial Attached SCSI SaaS Solutions for Remote Systems Management Sign up to receive Storage Resource Alerts

November 12, 2007 (Computerworld) -- Seagate Technology LLC has shipped Maxtor disk drives that contain Trojan horses that upload data to a pair of Chinese Web sites, the Taiwanese government's security service warned this weekend.

The Investigation Bureau, a part of the Ministry of Justice that's responsible for both internal security and foreign threats, said it suspected mainland China's authorities were responsible for planting the malware on the drives at the factory. "The bureau said that the method of attack was unusual, adding that it suspected Chinese authorities were involved," a story posted by the English-language Taipei Times reported Sunday. "Sensitive information may have already been intercepted by Beijing through the two Web sites, the bureau said."

Seagate confirmed today that some Maxtor Basics 3200 drives were infected out of the box, but the company said it had no proof that the Chinese government was involved. "We discovered that a contract manufacturer had introduced a virus onto the drives during assembly," said Forrest Monroy, a Seagate spokesman, in an e-mail. "We have no indication, nor any reason to believe, that there is any government involvement in the virus issue."

According to the newspaper, about 1,800 Seagate-made drives left a Thailand facility with a pair of Trojan horses preinstalled. The two Trojans, said the Investigation Bureau, "phone home" to a pair of Web sites hosted in Beijing and report all data recorded on the compromised drive. Seagate, however, countered that the only data captured by the on-disk Trojans and sent to the Chinese Web sites were game-related passwords.

Internet records show that both sites -- www.nice8.org and www.we168.org -- were registered with XinNet.cn, one of China's largest domain registrars. Much of the registration information, however, including the contact name and mailing address, appears to be bogus.

The Investigation Bureau identified the infected drives as 500GB models and has demanded that the Taiwanese distributor pull all units from shelves. Of the 1,800 drives reportedly malware-equipped, 1,500 have been removed from the sales channel. The remainder had already been sold.

Seagate claimed that as soon as it discovered the infections, it put a "stop ship" order on all units leaving the factory. "The drives leaving the facility are [now] clean," Monroy said. But because some infected drives are in customers' hands, Seagate will post a 60-day trial version of Kaspersky Labs' antivirus software on its Web site. Users should scan any suspected Basics 3200 drive for the malware, Monroy advised. "Seagate apologizes for any inconvenience this may have caused our customers," he added.

This is not the first time that the government of mainland China -- the People's Republic of China -- has been accused of cyberspying or other computer hacks and attacks. Two months ago, it was fingered for hacks on U.S. military networks, and in May a U.S. Defense Department report said that China has beefed up its own armed forces' first-strike cyberattack capabilities.

Continued...
1 | 2 | NEXT  

Print this Story

Send Us Feedback

E-mail this Story

Digg this Story

Slashdot this Story

"Do different hard drives actually make different sounds as they grind to a horrible death? The answer is, yes. Some..." Read more... Read more Storage posts or See all Blogs

Windows users indifferent to Microsoft patch alarm, says researcher Tech jobs down sharply but not out Apple yanks antivirus advice from its Web site More top stories...

Microsoft slates 8 bug updates for year's final Patch Tuesday De Beers tries to force spoof news Web site offline over fake ad Microsoft confirms Yahoo's Lu to run online services

Review: The new MacBook Air, now with extra SSD goodness Thin as ever, the latest Air offers up to twice the storage and snappy performance. Cool Stuff: Your 2008 Holiday Gift Guide We've got an array of economical, expensive, and just plain weird tech gifts for your friends and family. Massive botnet returns from the dead, starts spamming The spam-spewing 'Srizbi' botnet that was shut down two weeks ago has been resurrected and is again under criminal control, say security researchers. Elgan: Why you can't trust 'friends' on Facebook Facebook is popular and growing -- especially with criminals. Here's why they love it. Windows 7 Get the latest news, reviews and more about Microsoft's newest desktop operating system More Continuing Coverage Windows 7 Voting Technology Google's Chrome browser Economy in turmoil: Latest news and tips iPhone 3G Bill Gates moves on Windows Vista A to Z Mac A to Z 2008 Salary Survey Find wage data for 50 IT job titles. More Special Reports 2008 Premier 100 IT Leaders 2007 Premier 100 IT Leaders 2008 Best Places to Work in IT 2007 Best Places to Work in IT 2008 Salary Survey 2007 Salary Survey 2006 Salary Survey 2008 IT Forecast 2007 IT Forecast 40 Years of Computerworld Top 12 Green-IT Users The FAQs About Going Green IT Schools to Watch iPhone: One Year Later Global Mobile Your Next Data Center Management: Reinventing IT Stop Data Leaks Web 2.0 Security Surviving Disasters Managing Storage Virtualization The Lean Storage Machine Storage on Trial Can Web 2.0 Save BI? Bypass These BI Potholes All Zones Business Continuity Zone The File Data Management Zone Security Management Zone The SAS Zone Business Intelligence and Analytics Zone The Enterprise Search Zone Software as a Service Zone The Security Zone See your link here

Enabling Data Centers that Are Both Automated and Dynamic Enabling Data Centers that Are Both Automated and Dynamic View this webcast now! Go to the webcast  The Business Value of Tape Storage Download this complimentary Technology Briefing today! (Source: Dell) Reliable. Long-lived. Portable. Affordable. Energy-stingy. These and many other attributes of tape storage are virtually assuring a continued market for tape storage, a conclusion reached by IDC and many others. Combined with other storage solutions, tape is an integral part of any data archiving strategy. Download this executive briefing  Brocade and the File Area Network - A Taneja Group Solution Profile Get this white paper now! (Source: Brocade) This Taneja Group report examines how Brocade FAN solutions are creating a stateless end-to-end file and block data infrastructure. Download this white paper  White Papers Read up on the latest ideas and technologies from companies that sell hardware, software and services. 8 Things You Need to Handle Today's Network Traffic Next-Gen Load Balancing: 3 Keys to Successful Delivery of Advanced Web Apps Building a Reliable and Dynamic Data Center with PAN Manager by Egenera View more whitepapers

• Windows users indifferent to Microsoft patch alarm, says researcher
• Microsoft slates 8 bug updates for year's final Patch Tuesday
• Tech jobs down sharply but not out
• More top stories 

Business Continuity Zone An organization's business continuity plan helps keep critical functions running during an emergency–the power fails, a virus is unleashed on your network, a natural disaster has occurred. Even the slightest downtime or loss of data can cripple your operation. CDW can help you prevent disaster by implementing a well-planned recovery strategy. Click here to visit the Zone See All Zones

Intercept Spam & Viruses With MessageLabs MessageLabs is offering a complimentary 30 day trial of its managed Anti-virus and Anti-spam security solutions. MessageLabs guarantees complete protection against all know and unknown email threats. By providing 24 hour support, your business can increase productivity and decrease risk. Register for a complimentary trial and receive a free datasheet. Download this white paper now!

Jack Demo Have WAN acceleration solutions got your head spinning? Our Technology Demo sorts it out. See how our technology offers a comprehensive solution to the entire WAN performance issue including mobile workers' needs. Download this demo and discover how everyone, from branch office workers to executives and sales people on the go, get the same LAN-like access to their enterprise applications and data they enjoy when they're at headquarters. Go now!

• Too good to ignore: 6 alternative browsers

• Apple yanks antivirus advice from its Web site

• Microsoft spells out Vista SP2 contents

Read more news 

• Myth: Every system has Internet access

• Christmas Lottery

Read more Shark Bait