Seagate hard drives turn into spy machines

Seagate hard drives turn into spy machines

www.prisonplanet.com

SEAGATE hard-drives, made in Thailand, are having trojan horse software pre-loaded, possibly in a spy effort by the Chinese government

So far more than 1,800 of the portable Maxtor hard discs, carried two Trojan horse viruses: autorun.inf and ghost.pif

(visit the link for the full news article)

This story sounds too unlikely to be true. Since hard drives are sold being empty, how can they point the finger at the hard drive manufacturer for this?


www.prisonplanet.com
(visit the link for the full news article)

reply to post by Copernicus


Every hard drive I have brought brand new with no data on it (that is visible) still has space used. That is, if I buy a 300GB HDD, about 4GB’s is already used. I don’t know what that 4GB’s is used for but I certainly know that any storage device that says its X amount of memory never has that amount available for storage. I assumed it was data used so that the HDD knows how to communicate with other devices (ie motherboard, processor etc).

Im not saying that there is spy software pre installed, just that whatever you buy, the advertised space is never the space you have available =]

reply to post by rapturas


A certain amount of space is used when the drive is formatted (divided into sectors so the operating system can understand how to read/write the data), so if thats what you mean, its very normal.

Here is some more info.


[edit on 12-11-2007 by Copernicus]

A bit of information is lacking in the article.

So far more than 1,800 of the portable Maxtor hard discs, carried two Trojan horse viruses: autorun.inf and ghost.pif

A pif is a file that contains setting that describe how windows should run a non-window program. Remember running DOS apps on windows. And an AUTORUN.INF file is used to autostart. Put a CD in the drive and it starts up the setup, etc.

It would be helpful to examine what is in the two files as those alone should not be a virus or Trojan program. There should be an additional files.
People now will probably see INFs and PIFs on their computers and panic.

Another story that really doesn't tell the story.

What about formatting the new drive before use like most people do (or use to do).

Edit:

Feel free to panic if lead.exe or leadpaint.exe is detected. Just couldn't resist.


[edit on 11/12/2007 by roadgravel]

Found some more information.

In September, the British online information technology magazine The Register published information saying that Kaspersky Labs had found a pre-installed virus named Virus.Win32.AutoRun.ah on Maxtor 3200 external hard drives sold in the Netherlands.

PASSWORDS

When the virus accesses software, it looks for gaming passwords and deletes mp3 files.

The publication asked Seagate to verify the information, but a company spokesperson said: "This scenario seems unlikely because the 3200 does not have any software preloaded on the drive so there is not an opportunity for a virus to be loaded. Yes, the drive is formatted, but I have never heard of a virus that lives in the master boot record."

The Register said that Kaspersky Labs believes the virus is installed as soon as a user installs the drive and double clicks on its icon.

The Link

This now make sense.

reply to post by Copernicus


Interesting stuff but thats referring to Data-Recovery and the theory behind how data is written. im referring to brand new, never used before HDD's and memory cards such as SD, Pro DUO etc. If you buy a brand new HDD or memory card and without writing any data to it be sure that the specified storage capacity (as advertised) is not the total amount you will be able to assign data to =] im sure its harmless but was very annoying for me when I first found out. I thought, why not advertise it as 296GB's of storage instead of 300GB's if you are only able to physically use 296GB? im sure there is a perfectly reasonable explanation for it so I wont rant anymore lol

For my SD card, say you have a file that is 1.98 or 1.99GB's in size and you have a 2GB memory card, you wont be able to store that file on your memory card due to lack of space. That was the annoying thing for me but i got over it =]

edit: oops didnt see the above post. must be the The Master Boot Record (MBR) then www.dewassoc.com...

[edit on 12-11-2007 by rapturas]

reply to post by roadgravel


I admit it sounds theoretically possible. A hard drive could come with something installed in its MBR and this would get read when Windows tries to recognize the device I guess.

So it should only work if you already have a computer with Windows and you are installing this drive as a extra hard drive. Because otherwise, Im fairly sure the drives MBR gets completely overwritten when you install Windows on it.

Its pretty interesting stuff... first time Ive heard of something like this.


[edit on 12-11-2007 by Copernicus]

I agree with marg this used up space is from the partition table and it will have a partition table always or windows can't read or write.. this includes any type of hard drive or any storage at all for that matter and the amount of space used can vary depending inode and block size..

anyway 296GB out of 300GB is pretty good as my 120GB drives show up as 111GB after format...but then again i am using a non standard partition table.

at any rate that is what the used space is for.


Respectfully,
GEO

[edit on 11/12/2007 by geocom]

reply to post by rapturas


that pisses me off to no end...when i bought this pc it was advertised as a 160 gig hd. when i plug it in and scope it out, there is not 160 gigs available.
same with the memory stick for my psp, digi cam, thumb drives....they're all that way...
it's got some kind of info on it already.

i'm with you though....if you advertise it as 160 gig, why not actually make it 164 gigs so that 4 gigs can have whatever is on it and you actually have 160 free gigs..

more of a pet peeve than anything

Originally posted by rapturas
Im not saying that there is spy software pre installed, just that whatever you buy, the advertised space is never the space you have available =]

They use the same misleading technique that ISPs do. If the drive is advertised as 200GB, it's actually 200 billion bytes. One kilobyte is actually 1024 bytes, a megabyte is 1024 KB and so on and so forth. When you recalculate the space this way, you should reach the same amount your OS displays. Any additional missing space can be attributed to overhead, as explained by geocom.

On topic, I'm guessing the autorun bug slipped in at the factory through somebody's thumb drive. I see the bug every time in my line of work, it's really infectious. When opening a thumb drive, don't double-click on the icon in My Computer. Instead navigate to the drive by clicking on 'Folders' and then selecting the drive. Make sure you set your 'Folder options' to show hidden files and system files.

The bug comes under several guises:
-autorun.inf
-autorun.vbs
-autorun.some-weird-character-i-can't-replicate

Basically if it's ANYTHING but a CD or DVD, it shouldn't have ANY file called autorun.whatever.

One more thing, get Tweak UI so that you can disable autorun on all the other drives that aren't your CD/DVD drive.

I don't think there was really a lot of magic here. It sounds like files were added logically to the disk and the Maxtor install/setup/maintenance program kicked it off.

There was the Virus.Win32.AutoRun.ah, plus an autorun.inf and .PIF. Being an external drive, most people mostly likely plug it in and access the Maxtor program.

So much for thinking start with new copies of anything is OK or a solution.

reply to post by Beachcoma
Good point, an autorun,inf on a fresh hard drive is suspicious. The OS should be able to deal with a new drive in todays world. And if it can't, what good would the .inf be anyway.

Originally posted by rapturas
reply to post by Copernicus

 

Interesting stuff but thats referring to Data-Recovery and the theory behind how data is written. im referring to brand new, never used before HDD's and memory cards such as SD, Pro DUO etc. If you buy a brand new HDD or memory card and without writing any data to it be sure that the specified storage capacity (as advertised) is not the total amount you will be able to assign data to =] im sure its harmless but was very annoying for me when I first found out. I thought, why not advertise it as 296GB's of storage instead of 300GB's if you are only able to physically use 296GB? im sure there is a perfectly reasonable explanation for it so I wont rant anymore lol

For my SD card, say you have a file that is 1.98 or 1.99GB's in size and you have a 2GB memory card, you wont be able to store that file on your memory card due to lack of space. That was the annoying thing for me but i got over it =]

edit: oops didnt see the above post. must be the The Master Boot Record (MBR) then www.dewassoc.com...

[edit on 12-11-2007 by rapturas]

The reason why your 300GB HD can't store 300GB is because of two things:
-The file system (FAT32, NTFS etc.) uses some of that space to write the partition table and other internal stuff it uses to keep track of the files. This is less notizeable with some other file systems, ie Linux.

-The manufactures define one kilobyte as 1000 bytes, while in reality it's 1024 bytes. This means the actual disk space is about 24kB less per MB, or about 24MB less per GB. A 300GB disk then has about 7200MB or 7.2GB less actual storage space.

As for virus in the MBR...most disks come unformatted and thus doesn't even have a MBR, but I think some external disks come preformatted with FAT32. I guess you could hide viruses on those if you wanted.

Edit:
I see now that 100!=1024 was already explained, and that we are in fact talking about an external disk. In that case it is most likely formatted with FAT32 and has usually two files on the root of the drive: autorun.inf and some-name.ico (manufacturer/brand logo). Autorun.inf tells windows to display this icon instead of the standard disk icon, and in many cases it also launches software installed on the disk (typically disk tools). In this case it would be quite easy to install a virus on the disk.

[edit on 12-11-2007 by DrLeary]

The technical details are listed here, along with uninstall instructions.

Grrrr.

Here's what Seagate says about it.

a molar virus that searches for passwords to online games and sends them to a server located in China. It also deletes other molar viruses and can disable virus detection software.

The effects of this virus are minimal.

The effects are minimal?

Good thread Copernicus!
I read the story from another source earlier today and found it interesting.

hardware.slashdot.org.../11/11/2246246&from=rss

I have often wondered if things like this go on,as that chunk of potential data we all lose when installing a new HDD has made me suspicious.

I mean I know we lose a chunk due to the way the HDD is formatted,but could somthineg sinister be hiding in there?It appears so.

Had loads of maxtors in the past BTW!