Kaspersky: Maxtor markets password-pilfering Dutch disk drives
Security mavens from Kaspersky say they have discovered a nasty virus that came pre-installed on Maxtor external hard drives sold in the Netherlands. The virus, dubbed Virus.Win32.AutoRun.ah, was found on the Maxtor 3200 Personal Storage, according to this press release from Kaspersky (translated from Dutch to English courtesy …
Never heard of WHAT?
"...there is not an opportunity for a virus to be loaded," he said. "Yes the drive is formatted but I have never heard of a virus that lives in the master boot record."
Oh get real!
Seagate's been around like FOREVER - including back in the days of the stoned virus and other *boot sector* viruses. Obviously this guy is 17 years old and somehow recently promoted to a senior position.
Perhaps one of the grown-ups should take this padawan aside for a quick history lesson.
Not like Kaspersky is 100% reliable
Kaspersky are about the worst out there for false positives.
For example, they identify any program that has been compressed using one of several different exe-packers as being a virus.
I don't know if this is laziness on their part or what, but I'm kind of surprised they haven't identified parts of the EXE PE header as a fingerprint for a virus.
I'm inclined to disbelieve this report until it comes from a more reliable source than Kaspersky.
RE: Not like Kaspersky is 100% reliable
If you have an auto-run executing a file called ghost.pif it's not like you even need an anti-virus program to tell you something is fishy.
Never heard
Hearing the statement "I have never heard of a virus that lives in the master boot record" made me worry about several things:
1) Am I really that old that I remember something an 'industry professional' doesn't?
2) Is someone at Seagate really that lacking in knowledge?
3) Is this article reporting their words correctly?
Who knows, but I am worried none the less.
Old Viruses
Old viruses now can be just as lethal as they were when they were new. Why? Because if they write to the hard drive directly (not using the standard functions provided by the OS manufacturer) then they are likely to corrupt the hard drive, never mind what the virus was supposed to do. In the days of Stoned the capacity of a Hard Drive would have been of the order of (guessing here) 1Gb. To cope with increased sizes, the location of the relevant data locations will have changed, so blindly writing to the old locations will have a different effect to that desired.
RE: Old Viruses
I had the Stoned virus on a 20Mb HDD on an IBM XT. 1Gb drives were but the stuff of dreams back then.
@Never heard of WHAT?
Agreed. Where was this guy in the 80s and 90s? Under a rock in a cave?
Autorun, not MBR
"I have never heard of a virus that lives in the master boot record."
And this one doesn't, either. I've had a couple nasty MBR viruses way back in time, but that was in the 1980's and 1990's. Now it's a lot easier, you don't even need to boot off the device, just let Windows infect your machine for you automatically. Ah, the wonders of autorun.inf... one more good reason to disable each and every instance of automatic this-and-that in Windows.
Conspiracy!
"The malicious code also rifles through a computer's contents and deletes mp3 files"
Deletes MP3 files... now which large American organisation might have written this then?? Arrgh Eye Ay Ay perhaps?
Title
"in the days of Stoned the capacity of a Hard Drive would have been of the order of (guessing here) 1Gb. "
1Gb? Stoned was discovered in 1988. The usual PC disc capacity in those days was more like 40 megabytes. At the time 1Gb hard disks on PCs were something people didn't even dare dream of. I mean, who could possibly need that much disc space on a desktop?
@ Title
Agreed, and "Who needs more than 640K anyway".....
what's the problem?
The first thing I do with a new external drive is slap it on one of the Macs and repartition and reformat it. If it's going to be primarily used on Macs, it's formatted HFS+ and partitioned using Apple's old system (for PPC Macs) or their new system (for Intel Macs). If on Linux or Windows boxes, it's formatted FAT32 with MBR-based partitioning. I then slap it onto a Linux or Windows box and format it EXT3 or NTFS. I feel safe in assuming that anything which shipped on the disk is now history.
If it's an internal drive, I stick it into an external drive enclosure. It's now a (temporary) external drive. See above.
Title
My XT built in 1987 has a 20 MB hard drive, which was considered pretty good at the time, as there were still plenty of PCs with no hard drive at all. To the average user, gigabytes were theoretical quantities, much like petabytes today.
"Never heard of a virus that lives in the master boot record" indeed. N00b.
Title
>> Where was this guy in the 80s and 90s? Under a rock in a cave?<<
His daddy's ball bag?
Never...
Ok, it's time to swear off Maxtor and Seagate and all their subsidiaries until I hear a retraction. I bet that guy is one of senior management's kids who got his job handed to him on a silver platter. He probably won't even be fired.
RE: Not like Kaspersky is 100% reliable
I'd rather have Kaspersky over Norton/McAfee!
@everyone, calling the noob who has 'never heard of a virus that lives in the master boot record' 17 years old is an insult to 17 year olds, most clearly know way more than him.
@Anon Kaspersky Basher
I'm not sure if you:
1) Are a Kaspersky competitor
2) Used a tampered BitTorrent copy
3) Used a really bad beta
But I've NEVER seen Kaspersky do what you say. In fact, I can safely say that on the machines I've used it on, I've never seen a false positive.
The fact that you posted anonymously points to the first option...
Security?
The first thing I do with a new hard drive is get the hammer out, bash it one. Then I jump up and down on it a few times.... If I'm feeling really comprehensive about it I connect it to a Mac ;)
missed maxtor going..
Missed Maxtor going to Seagate, must have had a life that month. :-)
Who does that leave at the top of the 'good' drive chart? Is Hitachi still out there?
@ Dustin
You actually believe that anything you have not personally seen, couldn't happen?
I guess we never sent anyone to the moon either, eh?
Ghosat
Bought two 500gb Maxtor external hard drives from a PC World store and used one in Cheltenham, where it currently is, and the other 80 miles away on a PC which has never been connected to a network or to the internet.
The two hard drives were never in contact with each other, but the findings were the same, as can be seen in the following.
Object Name: Ghost.pif (this being the file name on the disc)
Object path: H:\ (being one of the relevant paths on the HDD)
Discovery: Trojan Horse PSW.Generic4.TUP
I later went back to PC World in Merthyr Tydfil, where I was greeted with it was impossible and that they don't come with viruses. When I asked them to open one up they were really reluctant, as if they knew this virus lived on the disk being sold.
I spoke to the manager of the store and the tech guy but they really didn't know and said that I didn't know what I was talking about.
I would advise anyone reading this not to purchase any Maxtor disk from PC World until they have investigated this problem. If PC World want proof I will supply them with this in order to protect the people intending to purchase these items.
PC World
I bought the same as bioeddie - i.e. a Maxtor 500gb External Hard Drive from PC World in Stockport, Greater Manchester, a few days ago. Connected it up and exactly the same thing happened. Luckily I am running AVG anti virus which spotted exactly the same Trojan horse.
When I looked on the drive itself it contained the ghost.pif file as well as an autorun file.
I am returning it to the store tomorrow so I'll see what sort of reaction I get!
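Added example, not part of the article or of any comment above: a small Python check for the layout several commenters report, an autorun file in the drive root that launches ghost.pif. It parses the text of an autorun.inf and lists every command entry with the reasons it deserves a look. The function names, the extension list and the sample file contents are assumptions constructed for illustration.

```python
import ntpath

# [autorun] keys whose value is a command line Windows may execute.
COMMAND_KEYS = ("open", "shellexecute")
RISKY_EXT = {".pif", ".exe", ".com", ".scr", ".bat", ".cmd", ".vbs", ".js"}

def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def command_target(value):
    """Extract the program path from a quoted or bare command line."""
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return value.split()[0] if value.split() else ""

def audit_autorun(text, root_files):
    """Return (key, target, reasons) for every command entry found."""
    present = {name.lower() for name in root_files}
    findings = []
    for key, value in parse_autorun(text).items():
        shell_cmd = key.startswith("shell\\") and key.endswith("\\command")
        if key not in COMMAND_KEYS and not shell_cmd:
            continue
        target = command_target(value)
        reasons = []
        if ntpath.splitext(target)[1].lower() in RISKY_EXT:
            reasons.append("launches executable content")
        if ntpath.basename(target).lower() in present:
            reasons.append("target present in drive root")
        findings.append((key, target, reasons))
    return findings

# Constructed sample modelled on the comments above, not a captured file.
SAMPLE = "[AutoRun]\r\nopen=ghost.pif\r\nshell\\open\\command=ghost.pif\r\nicon=drive.ico\r\n"
ROOT = ["Ghost.pif", "autorun.inf", "drive.ico"]

if __name__ == "__main__":
    for finding in audit_autorun(SAMPLE, ROOT):
        print(finding)
```

Reading the file as text from another operating system, or with AutoPlay disabled, lets the check run without the drive's autorun entry being acted on.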
