“Around 1,800 of the portable Maxtor hard discs, produced in Thailand, carried two Trojan horse viruses: autorun.inf and ghost.pif, the bureau under the Ministry of Justice said.”
“The affected hard discs are Maxtor Basics 500G discs.”
“The bureau said that hard discs with such a large capacity are usually used by government agencies to store databases and other information.”
“Sensitive information may have already been intercepted by Beijing through the two Web sites, the bureau said.”
This sounds rather sensational, eh? I certainly hope it is.
Let's start with the “carried two Trojan horse viruses” part. This is a common mistake made by writers who don’t know anything about technology or information security. The word “viruses” is incorrect. To qualify as a virus, the malicious software would require a propagation mechanism. As best I can tell from the articles, this is just a run-of-the-mill trojan.
Next we see that they believe a hard drive shipped to a defense contractor or government agency wouldn’t be formatted before being put into production. I will admit that from time to time large organizations may seem inept (none of us are as dumb as all of us), but policy and procedure should be in place to prevent things like this.
The same hysteria came about in May of 06 with Lenovo, at which time I made the same argument. The only difference in this case is that this is an actual threat instead of a perceived threat.
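As an added example (not part of the original post or the bureau's report), here is the kind of intake check such a procedure could include before a new drive is put into use: it parses any autorun.inf in the volume root and reports what the file would launch. The sample file contents, the extension list and the function names are assumptions; the article names the two files but not what they contain.

```python
import tempfile
from pathlib import Path, PureWindowsPath

# File types the Windows shell runs directly; .pif is one of them.
RISKY_EXT = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd", ".vbs"}

def autorun_targets(text):
    """Return (key, command) pairs an autorun.inf asks the shell to launch."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in ("open", "shellexecute") or (
                    key.startswith("shell\\") and key.endswith("\\command")):
                found.append((key, value))
    return found

def program_of(command):
    """First token of a command line, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0] if command else ""

def inspect_volume(root):
    """Report each launch command in <root>/autorun.inf (name matched case-insensitively)."""
    root, report = Path(root), []
    names = {p.name.lower(): p for p in root.iterdir() if p.is_file()}
    inf = names.get("autorun.inf")
    if inf is None:
        return report
    # latin-1 never fails to decode; a UTF-16 file would need separate handling
    for key, command in autorun_targets(inf.read_bytes().decode("latin-1")):
        prog = PureWindowsPath(program_of(command))
        report.append({"key": key, "command": command,
                       "risky_type": prog.suffix.lower() in RISKY_EXT,
                       "present_in_root": prog.name.lower() in names})
    return report

if __name__ == "__main__":
    # Constructed sample: the article names the files but not their contents.
    sample = "[AutoRun]\r\nopen=ghost.pif\r\nshell\\open\\command=ghost.pif\r\nicon=drive.ico\r\n"
    with tempfile.TemporaryDirectory() as vol:
        Path(vol, "AUTORUN.INF").write_bytes(sample.encode("latin-1"))
        Path(vol, "ghost.pif").write_bytes(b"placeholder")
        for row in inspect_volume(vol):
            print(row)
```

Any row with `risky_type` set on a drive that is supposed to arrive empty is a reason to quarantine and wipe it rather than mount it on a production machine.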
In the article it also says…
“The tainted portable hard disc uploads any information saved on the computer automatically and without the owner’s knowledge to www.nice8.org and www.we168.org, the bureau said.”
So following this trail, starting with nice8.org, we come up with:
Created On:11-May-2007 07:20:24 UTC
Last Updated On:27-Sep-2007 05:57:07 UTC
Expiration Date:11-May-2008 07:20:24 UTC
Sponsoring Registrar:Xin Net Technology Corporation (R118-LROR)
Registrant Name:ga ga
Registrant Postal Code:126631
Registrant Phone Ext.:
Registrant FAX Ext.:
Apparently we are dealing with an evil mastermind named “Ga ga” who lives on “gagaga street”. I have heard grumblings of this madman in the hacker underground. Okay, so it's made up… probably random keyboard bashing. Dead end. You get similarly worthless results when whois’ing we168.org. Both sites are down now.