Seagate is warning customers of its external hard drives that their bare drive may not be so bare after all — it might have a Trojan hidden on it. The infection is relatively harmless, unless you play “World of Warcraft,” and still very rare. Only 1,800 machines were infected. But it does raise the issue of problems in the manufacturing process.
The issue involves Maxtor Basics Personal Storage 3200. Seagate bought Maxtor in 2005 for $1.9 billion. Somehow, a virus called Win32.AutoRun.ah, a molar virus that searches for passwords to online games, got on the drives.
All but one of the games affected are Chinese. The one non-Chinese game is “World of Warcraft,” an online game from an American firm, Blizzard Entertainment. After the virus grabs a game's login and password information, it sends that information to servers based in Korea and the U.S., not China as previously believed.
The virus also deletes other molar viruses (password stealing viruses) and can disable virus detection software. However, it is a few months old and the majority of antivirus software products can detect and remove it.
To assist its customers, Seagate is making a version of the Kaspersky antivirus software with a 60-day usage license available for free download.
In a statement on its Web site, Seagate said the problem was traced to a sub-contract manufacturer located in China and that all units now leaving the facility in question have been cleared of the virus.
While the virus is relatively benign and the overall infection rate is small, the incident raises bigger issues surrounding manufacturing and purchasing storage. Even though many drives come pre-formatted for use out of the box, it’s not a good idea to use them that way.
“I would always format my hard drive as soon as it arrives,” Paul Ferguson, network architect for antivirus vendor Trend Micro, told InternetNews.com. “For many people, most hard drives arrive pre-formatted from the plant and they use it as is. My advice would be always reformat the drive before installing anything on it.”
Added Randy Abrams, director of technical education with antivirus vendor ESET Software, “Any device that stores data today really has to be suspect when you receive it. Items can be returned after a user has accessed them. Some stores are not sophisticated enough to realize they need to check the contents of returned thumb drives, and media players, or potentially even hard drives.”
It’s yet another manufacturing black eye for China. All year there have been recalls of children’s toys made in China due to lead paint, and an iPod virus infection in late 2006 also originated in China.
In the iPod instance, it was found that a manufacturing computer had been connected to the Internet and someone used it to download games, thus allowing for the infection, according to Jamz Yaneza, research project manager at Trend.
“Companies need to keep their manufacturing systems off the Internet,” said Yaneza. “There is no reason for manufacturing systems to be online. You don’t want to introduce any variables that may interfere with your process. It’s supposed to be a closed system.”
Abrams concurred. “In order to prevent new devices from leaving with inappropriate content of any type on them, it is essential for there to be processes in place that prevent the introduction of content. This includes system isolation, and returning any product taken off the line for testing to a known state,” he said.