Big Maxtor Disks Making Big Security Headaches [Updated]


First, the Bad News

Seagate, which owns Maxtor, reported today that Maxtor Basics Personal Storage 3200 hard disks produced since August 2007 may be infected with Virus.Win32.AutoRun.ah. This virus, which Symantec calls W32.Drom and McAfee calls PWS-LegMir (see the notification page for a complete list of aliases), searches for online game passwords, sends them to a China-based server, and knocks your existing antivirus program out of action.

[Update: Paul Ferguson, a researcher for Trend Micro, has determined that the servers are actually located in Dallas, TX and Korea, according to Robert McMillan of IDG News Service.]

Most of the affected games are Chinese, but one big exception is World of Warcraft. Ouch!

Kaspersky Helps Seagate (and You) Fight Back

Seagate says that most major antivirus vendors have issued updates to stop the virus. However, if you've been lazy about updating your antivirus, or just plain don't have an antivirus program, Seagate and Kaspersky Labs, which first alerted Seagate, have teamed up to offer you a 60-day trial of Kaspersky's Anti-Virus 7.0, which you can download from the product notification page. Here's a direct link to the US English version.

But Wait! There's More (Bad News, That Is)

Hey, it could be worse - and maybe it is. According to the Taipei Times, some Maxtor Basics 500GB hard disks sold in Taiwan contain two Trojan Horse viruses that send "any information saved on the computer" to Chinese websites and

Authorities in Taiwan believe this incident may be an attempt by the mainland Chinese government to perform cyberespionage. About 1,800 drives were affected, but only 300 were sold before the products were pulled from store shelves. In a follow-up, the Taipei Times reported that Seagate has determined that the infections originated with a China-based subcontractor.

Wondering if this is an isolated case? Wondering what you should do to protect yourself? Read on...

Time to Think Twice About Maxtor Drives?

Unfortunately, this isn't the first time that Maxtor portable drives have been fingered in an information-stealing probe. Back in September, Kaspersky Labs reported finding the same Virus.Win32.AutoRun.ah virus on Maxtor Portable Storage 3200 drives sold in the Netherlands. At the time, Seagate blew off the report, with a spokesperson reportedly saying "...I have never heard of a virus that lives in the master boot record." The spokesperson had evidently never heard of the notorious Brain or Michelangelo boot-sector viruses. With the latest infection, though, Seagate has become a believer in boot-sector viruses.

So, is it time to think twice about Maxtor external hard disks? Maybe it is, and maybe it's time to think twice about any storage coming from mainland China. Keep in mind that with today's global economy, even a hard disk that has a different "assembled in" country on the packaging might have a disk assembly hailing from China.

Protecting Yourself (and Your Data)

So, how can you protect yourself from getting zapped by a virus coming from a new hard disk?

  • Scan any brand-new external hard disk for viruses and malware as soon as you connect it to your system.
  • If you have a system you're not using for anything, consider making it a virus testing system.
  • Keep your antivirus and anti-malware software up to date.
  • Reformat external hard disks before using them to recreate the master boot record.
  • To prevent a portable hard disk from starting automatically in Windows XP, download and install TweakUI from the Windows XP PowerToys website. Use the AutoPlay section of TweakUI to disable AutoPlay.
  • To disable AutoPlay in Windows Vista, open the Play CDs or Other Media Automatically link in Control Panel's Hardware and Sound category and uncheck the Use AutoPlay checkbox. The How-To Geek's website also has tips for controlling AutoPlay for specific media types and how to disable AutoPlay with Group Policy or registry tweaks.
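
Windows AutoRun acts on an autorun.inf file in the root of a volume, so a new drive can be checked for that file from a test system before it is opened in Explorer. The script below is an added example, not from the original article or from Seagate or Kaspersky; its function names are its own and the sample file content is constructed.

```python
import tempfile
from pathlib import Path

# Keys in the [autorun] section that make Windows launch a program.
EXEC_KEYS = ("open", "shellexecute")

def decode_inf(raw):
    """autorun.inf is usually ANSI but may be UTF-16 with a byte-order mark."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    return raw.decode("latin-1")

def autorun_commands(text):
    """Return (key, command) pairs from [autorun] that would run a program."""
    found, in_section = [], False
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()                          # keys are case-insensitive
        if key in EXEC_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            found.append((key, value))
    return found

def check_volume(root):
    """Find autorun.inf (any letter case, hidden or not) in a volume root."""
    for entry in Path(root).iterdir():
        if entry.is_file() and entry.name.lower() == "autorun.inf":
            return autorun_commands(decode_inf(entry.read_bytes()))
    return []

# Constructed sample content, not taken from a real infected drive.
SAMPLE = ("[AutoRun]\r\nOPEN=setup.exe /quiet\r\nicon=drive.ico\r\n"
          "Shell\\Explore\\Command=setup.exe\r\n[Other]\r\nopen=ignored.exe\r\n")

if __name__ == "__main__":
    # A temporary directory stands in for the mounted drive's root.
    with tempfile.TemporaryDirectory() as vol:
        (Path(vol) / "AUTORUN.INF").write_bytes(SAMPLE.encode("utf-16"))
        for key, cmd in check_volume(vol):
            print(f"auto-execute directive: {key} = {cmd}")
```

Point `check_volume` at the drive's mount point or drive letter; an empty result means no launch directive was found in autorun.inf, not that the drive is clean, so the antivirus scan still applies.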

With all of the new-found emphasis on safeguarding consumers from dangerous Chinese products, let's hope drive and storage vendors are jumping on the bandwagon.
