The time has come to suspect any new hard disk you buy and install in your systems. According to this article, 1800 Maxtor disks of the size 500Gb come with a bonus off the shelf.
If you install the disks, you get a virus too. Actually, as soon as you pick it up in the store, you get the virus. It is already installed on the device.
According to the article, the virus will upload any and all data on the device to two online databases. Also according to the article, most disks of this size are bought by governmental agencies. And thus, the Chinese must have installed the virus. (The newspaper is in Taipei.)
Obviously this kind of automatic back-up solution is not in the best interest of its customers, so Seagate-Maxtor has pulled the disks from the market.
The interesting part, in my opinion, is that this kind of virus is not getting caught by AV scanners. One reason is the low volume (number of infected devices). Another reason is that the device is likely to be installed, presumed clean, and just kicked into action. Not until the server-installed AV client starts its weekly scan will the virus be detected – IF and only IF the signature of the virus is in the AV client.
What can you learn from this?
- Never trust ANY hardware you bring into your perimeter
- ALWAYS check EVERYTHING you install in your systems and network – in a safe environment. For hard drives, that means testing, low-level formatting and signing them off in a secure, non-connected environment. You do have that, right?
- As security gets tighter, threats evolve and find other ways to get to you. It is a long time since boot viruses traveled by floppies. But if slow distribution is the easiest, most cost-efficient way to hit you, that is how it will be done.
- Targeted attacks are increasingly common. We are leaving the days where the goal was to hit as many as possible. The goal today is cash – not attention.
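One way to do the "check everything" step for a new drive on an isolated intake machine, as an added example that is not from the article or the vendor: it inventories every file on the mounted drive, hashes it, and refuses sign-off if it finds executable content. The function names, the `autorun.inf` rule and the sample files are assumptions made for this illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: a factory-new data disk has no reason to carry executables
# or an autorun control file, so either one blocks sign-off.
SUSPECT_NAMES = {"autorun.inf": "autorun control file"}
MAGIC = {b"MZ": "Windows executable", b"\x7fELF": "ELF executable"}

def audit_new_drive(mount_point):
    """Hash every file under mount_point; return (manifest, findings)."""
    root = Path(mount_point)
    manifest, findings = {}, []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            head = fh.read(4)  # enough bytes to recognise the magic values
            digest.update(head)
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                digest.update(chunk)
        manifest[rel] = digest.hexdigest()
        if path.name.lower() in SUSPECT_NAMES:
            findings.append((rel, SUSPECT_NAMES[path.name.lower()]))
        for magic, label in MAGIC.items():
            if head.startswith(magic):
                findings.append((rel, label))
    return manifest, findings

def sign_off(mount_point):
    """A drive is accepted only when the audit produced no findings."""
    manifest, findings = audit_new_drive(mount_point)
    return not findings, manifest, findings

def build_sample_drive(directory):
    """Constructed sample: what a tampered 'new' drive might contain."""
    root = Path(directory)
    (root / "readme.txt").write_bytes(b"vendor notes\n")
    (root / "autorun.inf").write_bytes(b"[autorun]\n")
    (root / "tools").mkdir()
    (root / "tools" / "setup.exe").write_bytes(b"MZ" + b"\x00" * 62)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        ok, manifest, findings = sign_off(build_sample_drive(tmp))
        print("SIGN-OFF" if ok else "REJECT", f"({len(manifest)} files)")
        for rel, reason in findings:
            print(f"  {rel}: {reason}")
```

A file-level audit like this only records what was visible on the drive before it is wiped; it does not replace the low-level format recommended above.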
Technology gets increasingly advanced, but technical understanding seems to decrease. The result is companies investing large amounts in technology without understanding the potential damage that very technology may cause when it is not doing what they expected, or when it opens them to threats.