Seagate offers warning about infected hard drives shipping with Trojans

Seagate has issued a warning about Trojan Virus.Win32.AutoRun.ah that has infected a number of shipped hard drives.

An excerpt from ZDNet:

Seagate said that anti-virus vendor Kaspersky Lab had discovered the existence of a virus on some of its Maxtor Personal Storage 3200 hard drives.

The anti-virus company identified the virus as Virus.Win32.Ruh.ah — malware that can disable virus-detection software, although its prime function is to search for online game passwords and send them to a server in China.

This is not the first time that Seagate has shipped infected drives (VNUnet). No hard drive manufacturer wants to be associated with malware distribution, but consumers should take appropriate precautions with new drives. As Adrian Kingsley-Hughes at ZDNet mentions, these precautions include a clean scan and a wipe of drives before they are put to use.
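
One way to look at a preformatted external drive before using it, as an added example that is not part of the original article: the script reads the volume's `autorun.inf`, lists the commands it would launch, and lists executables sitting at the root, without running anything. The sample file contents, file names and the `audit_drive`/`parse_autorun` helpers are constructed for illustration.

```python
import os
import tempfile

# [autorun] keys that name a program Windows may launch from the volume.
LAUNCH_KEYS = ("open", "shellexecute")
EXEC_EXTS = (".exe", ".com", ".scr", ".bat", ".cmd", ".pif")

def parse_autorun(text):
    """Return (key, command) pairs from the [autorun] section that launch something."""
    findings, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            findings.append((key, value))
    return findings

def audit_drive(root):
    """Inspect the top level of a mounted volume; nothing on it is executed."""
    names = sorted(os.listdir(root))
    report = {"autorun": [], "root_executables": [n for n in names if n.lower().endswith(EXEC_EXTS)]}
    for name in names:
        if name.lower() == "autorun.inf":  # FAT32 names are case-insensitive
            with open(os.path.join(root, name), encoding="utf-8", errors="replace") as fh:
                report["autorun"] = parse_autorun(fh.read())
    return report

# Constructed sample, not taken from an affected drive.
SAMPLE_INF = "[AutoRun]\r\n; constructed\r\nicon=drive.ico\r\nopen=setup.exe /silent\r\nshell\\explore\\command=setup.exe\r\n"

def demo():
    """Build a throwaway directory that mimics a preformatted drive and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("AUTORUN.INF", SAMPLE_INF), ("setup.exe", ""), ("readme.txt", "")):
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return audit_drive(root)

if __name__ == "__main__":
    print(demo())
```

Run `audit_drive()` against the new drive's mount point from a host that ignores `autorun.inf` (a Linux or BSD machine, or Windows with AutoRun disabled), then scan and wipe as described above.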

More news:

Seagate Storage Units Ship with Virus (eWeek)

Chinese Trojan on Maxtor HDDs spooks Taiwan (ChannelRegister)

Hard disk trojan sends saved files to websites (PC Pro)

Seagate Ships Virus-Laden Hard Drives (PC World)

25 comments
giscoord

In reading the posts thus far, no one seemed to realize that the Maxtor 3200 is an external drive designed for additional storage and backup. It is preformatted at the factory and contains software to assist the user in maintaining their data. So, it would be easy for such a drive to infect a computer with a virus. Simply plug the virus into your USB drive and boom.

BALTHOR

I suppose that in the drive's BIOS, at boot up, you can adjust things like drive size, plate striping, speed, bit size and read/write frequency. This virus could be on the drive or in the drive's electronic firmware. Does Kaspersky have a way to view and scan firmware? Firmware virus could appear in the registry as wrong commands or values.

BALTHOR

How does a virus get into a hard drive? The drive is shipped with nothing recorded on it. The first thing that you do is to record the OS or a partition to the drive. Wouldn't that erase the virus? Could there be a portion of the drive that is never erased, a section where the worst viruses live and where Kaspersky only scans in their labs?

j70141

I am quite a bit more concerned about HOW a virus got on the hard drives, one that sends information to a server in China. Corporate Sabotage? International Sabotage? I think this is something to be concerned about. I remember a time when the USA intentionally sent VCRs to Iraq with a pre-programmed virus. The VCRs were used to program missiles and the virus was programmed to cause them to miss their target.

Dumphrey

a Maxtor Personal Storage XXXX. That tells me it's a USB-based external disk, probably formatted FAT32 and containing some autorun pop-up software to install Google Toolbar and some lame "One touch" backup software. Oh, and it looks like a virus as well.

w2ktechman

that Maxtor was owned by Seagate! I like Maxtor drives too! Anyway, drives are shipped out pre-formatted in many cases. On others, they may even be pre-imaged by the manufacturer, with an image requested and built by a company.

CharlieSpencer

Not all drives are used for operating systems. Many are purchased as secondary drives for additional storage space. So, no, the first thing you do may not be installing an OS. Obviously these drives are shipped with at least one thing on them: the virus.

Nomad10345

Seems like a pattern to me. Didn't we just have some lead toys come from China? Among who knows what else that hasn't been announced yet.

DanLM

No chit. Dan

Drakaran

Yeah, it was a good laugh. BIOS is held in chips on the motherboard. Firmware is instruction and function lists for specific hardware so that they integrate more smoothly. I understand SOME hard drives now have a flash cache for items that are often accessed, but that's not a retainer of firmware, like, say, the EPROMs for BIOS or a graphics card, etc. I wonder if a virus got on the flash cache of a hard drive if there's any trick to removing it from there? Hmm.

Oktet

Yep, it is an external hard drive alright. That's funny because I always format all my external hard drives before I use them.

DanLM

I have two Western Digitals that I noticed that crap on. They are just what you said... USB drives. That's kind of funny actually. I have bought internal drives and made them USB by buying the cases... And never had an issue putting them on my BSD box. The only time I ever bought USB drives as sold, my Unix box didn't like them. That's why they are sitting on my Windows machine right now. Just another reason not to make that mistake again. Again, thank you for pointing that out. Dan

Oz_Media

The drive has a controller, that controller has a chipset. Can that chipset not become infected or exploited through the chipset software/ROM FLASH somehow?

stadia

Having been burnt once, many years ago, any new or used drive gets its partition deleted and recreated before use. I use Partition Magic but there are other utils out there that do the same job (or it can be done in Disk Management).

DanLM

I just happened to think... You buy a USB drive, and they have files already on them. At least mine did. Autorun.inf. And these are 250 gig, errrr, WDs. I really never looked at a brand new drive when I bought it to see what was on it... Usually, I'm buying larger and larger drives and either partition them or put them on my file server, which is Unix. Makes you wonder what exactly is on a drive that is just purchased. Dan

Oktet

that's pretty crazy.

Drakaran

then get a hard drive without flash. that should be the more common type of drive anyways.

GSG

I think you have the right idea. Pardon me if I don't get this exactly right as I'm not well versed in this area, but this is what I've gotten second hand... A friend just told me that he'd read a more comprehensive story about this and they found that the virus resided in the flash, which came from... wait for it.... China

robert_graff_79

What size drive? I have the 1TB office edition; I think they have SATA though. When I build my new system it's going in the boxx. If my My Book was IDE it would already be in there, although I am not sure if my BIOS or any update would handle 1TB.

Dumphrey

an old WD MyBook (I will not swear they all are this way, but mine was) and took out a standard ATA 100 hard drive. It's now living in my Linux box as an internal storage disk.
