Chinese subcontractor installs trojan horses on hard drives

Published 14 November 2007

Seagate hard drives sold in Taiwan are discovered to have trojan horses installed on them by Chinese subcontractor; virus uploads information saved on the computer automatically to Web sites in Beijing

Yesterday we wrote about how the Chinese government is using the considerable assets of the country’s intelligence services engage in large-scale industrial espionage in Western Europe on behalf of Chinese companies (many of which, directly or indirectly, or owned by the People’s Liberation Army [PLA] of the Chinese intelligence services. Now, this story: The Taiwanese Investigation Bureau, the equivalent of the U.S. FBI, has found that portable hard discs produced by U.S. disk-drive manufacturer Seagate Technology, and which were sold in Taiwan, contained Trojan horse viruses. The contamination of the drives with trojan horses took place when the hard drives were in the hands of Chinese subcontractors during the manufacturing process. Seagate, the manufacturer of the Maxtor portable hard drive, said Saturday on its Web site that Maxtor Basics Personal Storage 3200 hard drives sold after August could be infected with the virus. Anti-virus software manufacturer Kaspersky Labs also issued a similar warning. The hard drive has been temporarily pulled off the shelves and is no longer available for purchase.

The Investigation Bureau said the tainted portable hard drives automatically upload any information saved on the computer to Beijing Web sites without the user’s knowledge. While investigating a Chinese subcontractor involved in the manufacturing process, Seagate found that some of the drives were infected with the viruses. The company said the products from the problem factory had been scanned and all viruses had been eliminated, adding that all inventory would also be treated before the product was returned to stores. Seagate did not disclose the stage in the manufacturing process in which the Chinese subcontractor installed the Trojan horse. Seagate recommended that all customers who had purchased the product install protective anti-virus software, and Seagate said that Kaspersky Labs would offer all Seagate customers a sixty-day fully functional version of the Kaspersky Lab Anti-Virus 7.0 software for download and installation.

Seagates appears to have a problem with subcontactors installing trojan horses on its drives. Back in September, the Register published information saying that Kaspersky Labs had found a preinstalled virus named Virus.Win32.AutoRun.ah on Maxtor 3200 external hard drives sold in the Netherlands. That virus, however, was merely annoying: When it accessed software, it looked for gaming passwords and deleted mp3 files. The virus in Taiwan sent information back to China.