Posted on 11/12/2007 2:00:49 PM PST by Mount Athos
Portable hard discs sold locally and produced by US disk-drive manufacturer Seagate Technology have been found to carry Trojan horse viruses that automatically upload to Beijing Web sites anything the computer user saves on the hard disc, the Investigation Bureau said.
Around 1,800 of the portable Maxtor hard discs, produced in Thailand, carried two Trojan horse viruses: autorun.inf and ghost.pif, the bureau under the Ministry of Justice said.
The tainted portable hard disc uploads any information saved on the computer automatically and without the owner's knowledge to www.nice8.org and www.we168.org, the bureau said.
The affected hard discs are Maxtor Basics 500G discs.
The bureau said that hard discs with such a large capacity are usually used by government agencies to store databases and other information.
Sensitive information may have already been intercepted by Beijing through the two Web sites, the bureau said.
The bureau said that the method of attack was unusual, adding that it suspected Chinese authorities were involved.
In recent years, the Chinese government has run an aggressive spying program relying on information technology and the Internet, the bureau said.
The bureau said this was the first time it had found that Trojan horse viruses had been placed on hard discs before they even reach the market.
The bureau said that it had instructed the product's Taiwanese distributor, Xander International, to remove the products from shelves immediately.
The bureau said that it first received complaints from consumers last month, saying they had detected Trojan horse viruses on brand new hard discs purchased in Taiwan.
Agents began examining hard discs on the market and found the viruses linked to the two Web sites.
Anyone who has purchased this kind of hard disc should return it to the place of purchase, the bureau said.
The distributor told the Chinese-language Liberty Times (the Taipei Times' sister newspaper) that the company had sold 1,800 tainted discs to stores last month.
It said it had pulled 1,500 discs from shelves, while the remaining 300 had been sold by the stores to consumers.
Seagate's Asian Pacific branch said it was looking into the matter.
These drives often come with software to transfer from one’s old hard drive to the new one.
Were any of these sold in the US, I wonder.
The tainted portable hard disc uploads any information saved on the computer automatically and without the owner's knowledge to www.nice8.org and www.we168.org, the bureau said.
I feel like buying one of these drives, running the trojan, and saving lots of malware to my computer. ;-)
Just to the DoD and IRS...
But, grin, what fun! Hook it up to the DMZ port on my router so it is outside my hardware firewall and LAN... Go surfin' the web with IE, no security, no firewall, etc. Pick up as much trash as possible. Then connect up one of these drives and share the love! ;-)
So here is an interesting scenario. I have a business next to a military base, and sell several thousand blank disks to base personnel per year...some for private use and some for office use. I get this great hard worker named Wong who applies and has no issue accepting my low pay scale.
Wong is a great salesman. He sells disks by the hundreds each day...and even talks me into a discount plan for GI’s who flash a ID card.
Somewhere down the road...I walk into the storeroom...and find some really high effort underway to unpack the incoming shipments of disks...open them...and insert some unknown disks into the batch...repacking the whole disk pack.
I discover that Wong is selling a updated disk...which isn’t blank...and puts a program on the computer to allow open access via the firewall...either at the guy’s house or on the base network. It may take a million disks...but eventually one of them will find their way to the classified network...and then some interesting things could happen in a very short period of time.
You can smell trouble coming on this episode...and we will all suffer in the end.
You’re right. That’s one of the reasons why where I work there are a number of security rules. Among them:
No personal USB/jump drives, period.
No iPods, MP3 players in the facility, period. (similar to USB drives)
No cell phones, no bluetooth, period.
No wireless, period.
No personal PDAs, no sync with any un-official PDAs.
Thou shalt not install anything yourself. (sysadmins only)
Thou shalt never know the admin password. ;-)
Thou shalt not change the IE security settings.
Email and web access is through a dedicated firewall machine that employs various scanners.
Any CD/DVD brought in from the outside world must go through a dedicated (and isolated) virus/trojan scanner machine - even commercial audio CDs.
So in theory, if everyone follows the rules, and the scanner and firewall machines are kept up to date, something like your scenario shouldn’t happen. Still, we keep the really important stuff on a separte network and set of machines that are completely isolated from the outside world, and where removable media is simply not allowed, period. Only sysadmins may use removable media, and normal users are never root, don’t know the root password, etc.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.