Taiwan Screams Conspiracy In Hard Drive Debacle

Last week, Maxtor external hard drives in Taiwan were discovered to be preloaded with Trojan horse malware. Approximately 1800 units were contaminated, but only 300 were believed to be sold. Based in two files, autorun.inf and ghost.pif, the program was designed to automatically upload any saved data to two web sites based in China: www.nice8.org and www.we168.org. (Source: taipeitimes.com)

When the Taipei Times broke the story on Sunday, investigators made claims of a Chinese plot to spy on its tiny island neighbor. Since China has been known to run Internet- and technology-based spying in the past, investigators said it was likely Chinese authorities were involved. Adding fuel to the fire was the fact that the "infected" models were the same type typically used in Taiwanese government offices.

The following day investigators modified their suspicions when the culprit turned out to be one of Seagate's subcontractors. Neither Seagate nor authorities released the name of the contractor or what part the company played in the manufacturing process. (Source: taipeitimes.com)

This is the second report this year of Maxtor hard drives being sold with malicious software installed. In September, anti-virus maker Kaspersky Lab issued a report stating that Maxtor units for sale in the Netherlands were preloaded with the virus Win32.AutoRun.ah.

During the Dutch incident, the virus (also hidden in autorun.inf and GHOST.PIF files) searched for gaming passwords and deleted MP3 files. It was surmised that the software most likely found its way onto the drives during formatting. At the time, a spokesperson for Maxtor's parent company, Seagate Technologies, said it was unlikely the virus could have operated as Kaspersky claimed because Maxtor storage units do not come with software installed. "The drive is formatted," the spokesperson said, "But I have never heard of a virus that lives in the master boot record." (Source: theregister.co.uk)

There is no evidence to link the Taiwanese and Dutch events as part of some larger scheme, and it seems unlikely since the malware operated differently in each case. However, considering that Seagate products have been hit twice it might be wise for the company to re-evaluate its supply chain.