Computer Crime Research Center


Virus hits gamers

Date: November 15, 2007

Seagate is warning customers of its external hard drives that their bare drive may not be so bare after all -- it might have a Trojan hidden on it. The infection is relatively harmless, unless you play "World of Warcraft," and still very rare. Only 1,800 machines were infected. But it does raise the issue of problems in the manufacturing process.

The issue involves Maxtor Basics Personal Storage 3200. Seagate bought Maxtor in 2005 for $1.9 billion. Somehow, a virus called Win32.AutoRun.ah, a molar virus that searches for passwords to online games, got on the drives.

All but one of the games affected are Chinese. The one non-Chinese game is "World of Warcraft," an online game from an American firm, Blizzard Entertainment. After grabbing the login and password info of a game, the info is sent to servers based in Korea and the U.S., not China as previously believed.

The virus also deletes other molar viruses (password stealing viruses) and can disable virus detection software. However, it is a few months old and the majority of antivirus software products can detect and remove it.

To assist its customers, Seagate is making a version of the Kaspersky antivirus software with a 60-day usage license available for free download.

In a statement on its Web site, Seagate said the problem was traced to a sub-contract manufacturer located in China and that all units now leaving the facility in question have been cleared of the virus.

While the virus is relatively benign and the overall infection rate is small, the incident raises bigger issues surrounding manufacturing and purchasing storage. Even though many drives come pre-formatted for use out of the box, it's not a good idea to do that.

"I would always format my hard drive as soon as it arrives," Paul Ferguson, network architect for antivirus vendor Trend Micro told "For many people, most hard drives arrive pre-formated from the plant and they use it as is. My advice would be always reformat the drive before installing anything on it."

Added Randy Abrams, director of technical education with antivirus vendor ESET Software, "Any device that stores data today really has to be suspect when you receive it. Items can be returned after a user has accessed them. Some stores are not sophisticated enough to realize they need to check the contents of returned thumb drives, and media players, or potentially even hard drives."
Original article

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo