Another case of the infected HD

A second event of malware infected HD has been discovered, this the second time it has happened in 4 months. The HD are part of “about 1,800 brand new 300-GB or 500-GB external hard drives made for Maxtor in Thailand” that include an autorun.inf file that will execute as soon as the disk is placed into the computer.

More details on the background can be found here and a bit more details on the origin can be read here.

In the old days this wouldn’t have happened as disks were “factory formatted” – requiring you to do a low-level format to start working with them, or at least partition them before use and they weren’t pre-formatted or even contained data on them.
P.S of course Windows is the only operating system that will get infected – Linux or MacOS won’t care about the presence of the autorun.inf file (or the ghost.pif file that is launched by it).

Share
  • http://networksecurity.typepad.com/ Juha-Matti

    Kaspersky sees the malware as Virus.Win32.AutoRun.ah.
    Trend has more names listed: BKDR_AGENT.ZYG/ZYJ, BKDR_BIFROSE.AZF, TROJ_MAC.AB/AZ, WORM_AUTORUN.FW, WORM_MAC.AA (and BB,CC, and DD variant)