Kaspersky: Maxtor markets password-pilfering Dutch disk drives
Buy now and get free malware
Security mavens from Kaspersky say they have discovered a nasty virus that came pre-installed on Maxtor external hard drives sold in the Netherlands.
The virus, dubbed Virus.Win32.AutoRun.ah, was found on the Maxtor 3200 Personal Storage, according to this press release from Kaspersky (translated from Dutch to English courtesy of FreeTranslation.com).
The company said the virus roots around a computer in search of gaming passwords. The malicious code also rifles through a computer's contents and deletes mp3 files, according to a separate description of the virus, also from Kaspersky.
A spokesman for Seagate, which recently acquired Maxtor, said the company was investigating Kaspersky's findings. "This scenario seems unlikely because the 3200 does not have any software preloaded on the drive so there is not an opportunity for a virus to be loaded," he said. Yes the drive is formatted but I have never heard of a virus that lives in the master boot record."
The report comes days after the discovery that Medion laptops shipped to stores in Denmark and Germany were infected with a 13-year-old virus. "Stoned.Angelina" was a low-risk virus that infects the master boot record of a hard disk. Apart from its ability to replicate, it carries no payload.
The virus infecting the Maxtor drive, by contrast, was discovered less than four months ago, and considering claims of password theft, it appears to rise significantly above the nuisance level. What's more, it's installed as soon as a user plugs in the drive and double clicks on a corresponding icon, according to Kaspersky. It tries to install itself with an autorun.inf file in the root of the external disk which runs a file called GHOST.PIF.
The virus was found on several Maxtor hard disks of various capacities bought on Monday. Kaspersky speculates they were infected during formating in the factory. ®
COMMENTS
PC World
I bought the same as bioeddie - ie a Maxtor 500gb External Hard Drive from PC World in Stockport, Greater Manchester, a few days ago. Connected it up and exactly the same thing happenned. Luckily I am running AVG anti virus which spotted exactly the same Trojan horse.
When I looked on the drive itself it contained the ghost.pif file as well as an autorun file.
I am returning it to the store tomorrow so I'll see what sort of reaction I get!
Ghosat
Brought two 500gb Maxtor External Hard drives from a pc world store and used one in Cheltenham where it currently is and the other 80 miles away on a pc which has never been connected to a network or to the internet.
the two Hard drives were never in contact with each other but the findings were the same as can be seen in the following.
Object Name: Ghost.pif ( this being the file name on the disc )
Object path: H:\ ( being one of the relevent paths on the Hdd )
Discovery: Trojan Horse PSW.Generic4.TUP
I later when back to Pc World in Merthyr Tydifil where i was greeted with it was impossible and that they dont come with viruses, When i asked them to open one up they were really reluctant as if they knew this virus lived on the disk being sold.
I spoke to the manager of the store and the tech guy but they really didnt know and said that i didnt know what i was talking about.
I would advise anyone reading this not to purchase any Maxtor disk from Pc world until they have investigated this problem, if Pc world want proof i will supply them with this inorder to protect the people intending to purchase these items.
@ Dustin
You actually believe that anything you have not personally seen, couldn't happen?
I guess we never sent anyone to the moon either, eh?
missed maxtor going..
missed maxtor going to seagate, must of had a life that month. :-)
Who does that leave at the top of the 'good' drive chart ? is Hitachi still out there ?
Security?
The first thing I do with a new hard drive is get the hammer out, bash it one. Then I jump up and down it a few times.... If I'm feeling really comprehensive about it I connect it to a Mac ;)
