Update: Maxtor drives contain password-stealing Trojans

Seagate confirms infection during drive assembly, but says no indication
of spying by Chinese authorities

http://************/2m6jtb

November 12, 2007 (Computerworld) Seagate Technology LLC has shipped
Maxtor disk drives that contain Trojan horses that upload data to a pair
of Chinese Web sites, the Taiwanese government's security service warned
this weekend.

The Investigation Bureau, a part of the Ministry of Justice that's
responsible for both internal security and foreign threats, said it
suspected mainland China's authorities were responsible for planting the
malware on the drives at the factory. "The bureau said that the method
of attack was unusual, adding that it suspected Chinese authorities were
involved," a story posted by the English-language Taipei Times reported
Sunday. "Sensitive information may have already been intercepted by
Beijing through the two Web sites, the bureau said."

Seagate confirmed today that some Maxtor Basics 3200 drives were
infected out of the box, but the company said it had no proof that the
Chinese government was involved. "We discovered that a contract
manufacturer had introduced a virus onto the drives during assembly,"
said Forrest Monroy, a Seagate spokesman, in an e-mail. "We have no
indication, nor any reason to believe, that there is any government
involvement in the virus issue."

According to the newspaper, about 1,800 Seagate-made drives left a
Thailand facility with a pair of Trojan horses preinstalled. The two
Trojans, said the Investigation Bureau, "phone home" to a pair of Web
sites hosted in Beijing and report all data recorded on the compromised
drive. Seagate, however, countered that the only data captured by the
on-disk Trojans and sent to the Chinese Web sites were game-related
passwords.

Internet records show that both sites -- www.nice8.org and www.we168.org
-- were registered with XinNet.cn, one of China's largest domain
registrars. Much of the registration information, however, including the
contact name and mailing address, appears to be bogus.

The Investigation Bureau identified the infected drives as 500GB models
and has demanded that the Taiwanese distributor pull all units from
shelves. Of the 1,800 drives reportedly malware-equipped, 1,500 have
been removed from the sales channel. The remainder had already been sold.

Seagate claimed that as soon as it discovered the infections, it put a
"stop ship" order on all units leaving the factory. "The drives leaving
the facility are [now] clean," Monroy said. But because some infected
drives are in customers' hands, Seagate will post a 60-day trial version
of Kaspersky Labs' antivirus software on its Web site. Users should scan
any suspected Basics 3200 drive for the malware, Monroy advised.

"Seagate apologizes for any inconvenience this may have caused our
customers," he added.

This is not the first time that the government of mainland China -- the
People's Republic of China -- has been accused of cyberspying or other
computer hacks and attacks. Two months ago, it was fingered for hacks on
U.S. military networks, and in May a U.S. Defense Department report said
that China has beefed up its own armed forces' first-strike cyberattack
capabilities.

