Update: Maxtor drives contain password-stealing Trojans
Seagate confirms infection during drive assembly, but says no indication of spying by Chinese authorities
Computerworld - Seagate Technology LLC has shipped Maxtor disk drives that contain Trojan horses that upload data to a pair of Chinese Web sites, the Taiwanese government's security service warned this weekend.
The Investigation Bureau, a part of the Ministry of Justice that's responsible for both internal security and foreign threats, said it suspected mainland China's authorities were responsible for planting the malware on the drives at the factory. "The bureau said that the method of attack was unusual, adding that it suspected Chinese authorities were involved," a story posted by the English-language Taipei Times reported Sunday. "Sensitive information may have already been intercepted by Beijing through the two Web sites, the bureau said."
Seagate confirmed today that some Maxtor Basics 3200 drives were infected out of the box, but the company said it had no proof that the Chinese government was involved. "We discovered that a contract manufacturer had introduced a virus onto the drives during assembly," said Forrest Monroy, a Seagate spokesman, in an e-mail. "We have no indication, nor any reason to believe, that there is any government involvement in the virus issue."
According to the newspaper, about 1,800 Seagate-made drives left a Thailand facility with a pair of Trojan horses preinstalled. The two Trojans, said the Investigation Bureau, "phone home" to a pair of Web sites hosted in Beijing and report all data recorded on the compromised drive. Seagate, however, countered that the only data captured by the on-disk Trojans and sent to the Chinese Web sites were game-related passwords.
Internet records show that both sites -- www.nice8.org and www.we168.org -- were registered with XinNet.cn, one of China's largest domain registrars. Much of the registration information, however, including the contact name and mailing address, appears to be bogus.
The Investigation Bureau identified the infected drives as 500GB models and has demanded that the Taiwanese distributor pull all units from shelves. Of the 1,800 drives reportedly malware-equipped, 1,500 have been removed from the sales channel. The remainder had already been sold.
Seagate claimed that as soon as it discovered the infections, it put a "stop ship" order on all units leaving the factory. "The drives leaving the facility are [now] clean," Monroy said. But because some infected drives are in customers' hands, Seagate will post a 60-day trial version of Kaspersky Labs' antivirus software on its Web site. Users should scan any suspected Basics 3200 drive for the malware, Monroy advised. "Seagate apologizes for any inconvenience this may have caused our customers," he added.
This is not the first time that the government of mainland China -- the People's Republic of China -- has been accused of cyberspying or other computer hacks and attacks. Two months ago, it was fingered for hacks on U.S. military networks, and in May a U.S. Defense Department report said that China has beefed up its own armed forces' first-strike cyberattack capabilities.
Related News and Discussion:
- China denies its military hacked Pentagon network
- Lewd celebrity photos mask Trojan payload
- C.J. Kelly's blog: Hacking Stupidity 101: Never hack from home
Read more about Data Storage in Computerworld's Data Storage Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Endpoint Security White Papers | Webcasts