Word to the wise

Chris Cotgrove · #1 11-20-2007, 05:40 PM

I have been finding lately that my hard drives are getting as crowded as the inside of my head, so I decided to buy myself a storage solution. I decided upon a Maxtor 500GB USB external hard drive, figuring that this would hold all my digital books, art and music, and was fairly cheap for the price.

I had three external hard disks of varying sizes all full up already, so it was about time that I did something like this; Maxtor has a good reputation, and all of the products I've had from them in the past have been trustworthy.

So I got the brand new Maxtor drive, plugged it into a USB port to get it formatted and set up...Autorun kicks in, and scans the drive...and the next thing I know, my protection software is telling me that a trojan is installing itself on my system (that it can't block).

Now, being that I'm relatively experienced in the ways of IT, I couldn't work out how this could happen, considering this was a brand new drive, literally just out of the packaging...there's no way that any reputable manufacturer would ship out hardware that comes pre-installed with malware...right?

And then I notice that my system is running VERY slowly, and worse...one of my other external hard disks was now unreachable, effectively destroying 45Gb of valuable data.

I've spent the last week or so trying to get my system back to baseline operational again ( I finally formatted and re-installed last night), and as yet I have been unable to access the data on the hard disk; I am at the point where I can see the data, but I can't copy it off of the drive. I'm taking a friend's suggestion of installing Ubuntu Linux and seeing if I can't copy the files that way.

Otherwise, it's looking that I'm going to have to pay for a physical data recovery (for the un-initiated, this is where techs crack open a hard drive and pull out the thin "platters" that sit inside, which requires a clean room to do - a space which is environmentally controlled and 100% free of dust). This will cost anywhere from $1000 to $9000.

I'm stumped as to how a Trojan arrives on a brand new external drive, so I do some research:

Chinese Trojan on Maxtor HDD spooks Taiwan

Kapersky: Maxtor markets password-pilfering Dutch disk drives

Yes, it turns out that Maxtor is having some "issues" at its manufacturing plant, because these drives are being shipped with viruses, trojans and other malware on them. The one that was on mine was Trojan-Phisher-Lineage, a phishing Trojan that may harvest personal information such as usernames and passwords in order to access financial accounts. Unfortunately for the trojan, it worked counterintuitively by crippling my system to the point where I couldn't do online banking or sign into email...so it was denied access to the data it was designed to farm.

Long story short - if you're thinking of buying something to back up data, DO NOT BUY any Maxtor product until this is 100% resolved. I cannot stress this enough. I would also recommend backing everything up by burning it to DVD - this is what I'm going to be doing from now on - use +R or +RW formats, because they both have good file recovery systems built in; the -R/-RW aren't so good.

I've also changed out my antivirus/anti-spyware protection for NOD32 Smart Security.

Posting this up here in the hope that this particular digital nightmare never ever happens to any of you.

Daz Florp Lebam · #2 11-20-2007, 10:39 PM

Shit. I've had my share of crashes and rebuilds, but...that's insane. I feel your pain.

Charke · #3 11-20-2007, 11:31 PM

I would go after Maxtor for any losses. I realize how hard that would be, so I'd collect all the news reports and see if you can get proof there was a virus. At 9000$ for the recovery - it would be worth a little hassel.

Mark Charke

Destriarch · #4 11-21-2007, 03:10 AM

Quote:

Originally Posted by Charke

I would go after Maxtor for any losses. I realize how hard that would be, so I'd collect all the news reports and see if you can get proof there was a virus. At 9000$ for the recovery - it would be worth a little hassel.

Seconded. This is a clear-cut case and I'd expect Maxtor to want to settle out of court for it. Go get 'em!

Ash

clockworkjoe · #5 11-21-2007, 11:16 AM

I posted this thread to a security blog and one of the commentators there thought this was fake. http://www.schneier.com/blog/archive....html#comments

Quote:

That forum posting just doesn't seem right, there's more going on there. Supposedly after connecting his new Maxtor his system slowed to a crawl and one of his other external drives became unusable, to the extent that he says he's going to have to pay >$1000 to have a clean room open up the drive and remove the platters so he can get his data back. This makes little sense to me, if it's true then there's a much bigger story here I think. Sounds like the guy dislikes Maxtor for some reason and saw this story and made his own story up.

I have no security expertise so I can't say.

Eldoria · #6 11-21-2007, 11:45 AM

HI Chris,

I am sorry to hear about the hard drive problem.

Perhaps someone purchased the data storage device, infected it, and then returned it. The store may have just then put it back on the shelf?

Just a thought...

As for data recovery: I just had a hard drive completely die on me. I was able to get a full data recovery of all My Documents, personal settings and email (the only three things I was after) from the "Geek Squad" at Best Buy for about 150 dollars (they gave me four DVDs with all the files for me to load onto my new hard drive). You may want to give them a call...

Good Luck!
William

Durin's Bane · #7 11-21-2007, 12:56 PM

Before paying through the nose for a professional, I'd recommend trying a broken drive recovery program first. When my laptop drive got corrupted and refused to respond, I put it in a USB enclosure and managed to use this program (I believe the name was Stellar Phoenix) to get all the stuff off succesfully. I was quite impressed, there was only minor damage to the files that were actually on corrupted parts of the drive. Certainly saved my bacon getting back a month of non-backed-up source code and writing!

Another program that might do the job is SpinRite from GRC.com. Not actually used it but I hear it's good.

John Buckmaster · #8 11-21-2007, 08:20 PM

This is a confirmed issue with a limited number of Maxtor externals. I forget exactly where I saw the info, but it was off of fark.com and there's a recall/notice deal out there. check the Maxtor website and do some searching. You should find out what they're doing to rectify this and if they're repairing stuff for free or not.

-John

Byron Alexander · #9 11-23-2007, 10:24 AM

Quote:

Originally Posted by clockworkjoe

I posted this thread to a security blog and one of the commentators there thought this was fake. http://www.schneier.com/blog/archive....html#comments

I have no security expertise so I can't say.

I know you're just repeating what someone else has said but I very much doubt Chris created two whole internet sites (the links he provided) just to get at a computer hard-ware firm.

kurtataylor · #10 11-24-2007, 05:25 AM

Thanks for the tip. I had been considering an external hard drive and I won't be considering any Maxtor products. My primary computer is a MAC, so the spyware/malware/virus wouldn't really be a problem. I don't want to be buying products from a company releasing devices with these types of problems.
This is one of the reasons I started using a MAC.