back to article Kaspersky: Maxtor markets password-pilfering Dutch disk drives

Security mavens from Kaspersky say they have discovered a nasty virus that came pre-installed on Maxtor external hard drives sold in the Netherlands. The virus, dubbed Virus.Win32.AutoRun.ah, was found on the Maxtor 3200 Personal Storage, according to this press release from Kaspersky (translated from Dutch to English courtesy …


This topic is closed for new posts.
  1. Jon Tocker

    Never heard of WHAT?

    "...there is not an opportunity for a virus to be loaded," he said. Yes the drive is formatted but I have never heard of a virus that lives in the master boot record."

    Oh get real!

    Seagate's been around like FOREVER - including back in the days of the stoned virus and other *boot sector* viruses. Obviously this guy is 17 years old and somehow recently promoted to a senior position.

    Perhaps one of the grown-ups should take this padawan aside for a quick history lesson.

  2. Anonymous Coward
    Anonymous Coward

    Not like Kaspersky is 100% reliable

    Kaspersky are about the worst out there for false positives.

    For example, they identify any program that has been compressed using one of several different exe-packers as being a virus.

    I don't know if this is laziness on their part or what, but I'm kind of surprised they haven't identified parts of the EXE PE header as a fingerprint for a virus.

    I'm inclined to disbelieve this report until it comes from a more reliable source than Kaspersky.

  3. Tom

    RE: Not like Kaspersky is 100% reliable

    If you have an auto-run executing a file called ghost.pif it's not like you even need an anti-virus program to tell you something is fishy.

  4. Bob Hannent

    Never heard

    Hearing the statement "I have never heard of a virus that lives in the master boot record" made me worry about several things:

    1) Am I really that old that I remember something an 'industry professional' doesn't?

    2) Is someone at Seagate really that lacking in knowledge?

    3) Is this article reporting their words correctly?

    Who knows, but I am worried none the less.

  5. Anonymous Coward
    Anonymous Coward

    Old Viruses

    Old viruses now can be just as lethal as they were when they were new. Why? Because if they write to the hard drive directly (not using the standard functions provided by the OS manufacturer) then they are likely to corrupt the hard drive, never mind what the virus was supposed to do. In the days of Stoned the capacity of a Hard Drive would have been of the order of (guessing here) 1Gb. To cope with increased sizes, the location of the relevant data locations will have changed, so blindly writing to the old locations will have a different effect to that desired.

  6. Daniel du Preez

    RE: Old Viruses

    I had the Stoned virus on a 20Mb Hdd on an IBM XT. 1Gb drives were but the stuff of dreams back then

  7. Anonymous Coward
    Anonymous Coward

    @Never heard of WHAT?

    Agreed. Where was this guy in the 80s and 90s? Under a rock in a cave?

  8. Anonymous Coward
    Anonymous Coward

    Autorun, not MBR

    "I have never heard of a virus that lives in the master boot record."

    And this one doesn't, either. I've had a couple nasty MBR viruses way back in time, but that was in the 1980's and 1990's. Now it's a lot easier, you don't even need to boot off the device, just let Windows infect your machine for you automatically. Ah, the wonders of autorun.inf... one more good reason to disable each and every instance of automatic this-and-that in Windows.

  9. Anonymous Coward
    Anonymous Coward


    "The malicious code also rifles through a computer's contents and deletes mp3 files"

    deletes MP3 files... now which large american organisation might have written this then?? Arrgh Eye Ay Ay perhaps?

  10. MacroRodent


    "in the days of Stoned the capacity of a Hard Drive would have been of the order of (guessing here) 1Gb. "

    1Gb? Stoned was discovered in 1988. The usual PC disc capacity in those days was more like 40 megabytes. At the time 1Gb hard disks on PC:s was something people didn't even dare dream of. I mean, who could possibly need that much disc space on a desktop?

  11. Tim Schomer

    @ Title

    Agreed, and "Who needs more than 640K anyway".....

  12. James O'Shea

    what's the problem?

    The first thing I do with a new external drive is slap it on one of the Macs and repartition and reformat it. If it's going to be primarily used on Macs, it's formatted HFS+ and partitioned using Apple's old system (for PPC Macs) or their new system (for Intel Macs). If on Linux or Windows boxes, it's formatted FAT32 with MBR-based partitioning. I then slap it onto a Linux or Windows box and format it EXT3 or NTFS. I feel safe in assuming that anything which shipped on the disk is now history.

    If it's an internal drive, I stick it into an external drive enclosure. It's now a (temporary) external drive. See above.

  13. Peter Mc Aulay


    My XT built in 1987 has a 20 MB hard drive, which was considered pretty good at the time, as there were still plenty of PCs with no hard drive at all. To the average user, gigabytes were theoretical quantities, much like petabytes today.

    "Never heard of a virus that lives in the master boot record" indeed. N00b.

  14. Anonymous Coward
    Anonymous Coward


    >> Where was this guy in the 80s and 90s? Under a rock in a cave?<<

    His daddies ball bag ?

  15. Anonymous Coward
    Anonymous Coward


    Ok, it's time to swear off Maxtor and Seagate and all their subsidiaries until I hear a retraction. I bet that guy is one of senior management's kids who got his job handed to him on a silver platter. He probably won't even be fired.

  16. Anonymous Coward
    Anonymous Coward

    RE: Not like Kaspersky is 100% reliable

    I'd rather have Kapersky over norton/mcafee!

    @everyone, calling the noob who has 'never heard of a virus that lives in the master boot record' 17 years old is an insult to 17 year olds, most clearly know way more than him.

  17. Anonymous Coward
    Anonymous Coward

    @Anon Kaspersky Basher

    I'm not sure if you:

    1) Are a Kaspersky competitor

    2) Used a tampered BitTorrent copy

    3) Used a really bad beta

    But I've NEVER seen Kaspersky do what you say. In fact, I can safely say that on the machines I've used it on, I've never seen a false positive.

    The fact that you posted anonymously points to the first option...

  18. Alex


    The first thing I do with a new hard drive is get the hammer out, bash it one. Then I jump up and down it a few times.... If I'm feeling really comprehensive about it I connect it to a Mac ;)

  19. tony trolle

    missed maxtor going..

    missed maxtor going to seagate, must of had a life that month. :-)

    Who does that leave at the top of the 'good' drive chart ? is Hitachi still out there ?

  20. JC

    @ Dustin

    You actually believe that anything you have not personally seen, couldn't happen?

    I guess we never sent anyone to the moon either, eh?

  21. This post has been deleted by its author


    PC World

    I bought the same as bioeddie - ie a Maxtor 500gb External Hard Drive from PC World in Stockport, Greater Manchester, a few days ago. Connected it up and exactly the same thing happenned. Luckily I am running AVG anti virus which spotted exactly the same Trojan horse.

    When I looked on the drive itself it contained the ghost.pif file as well as an autorun file.

    I am returning it to the store tomorrow so I'll see what sort of reaction I get!

This topic is closed for new posts.

Other stories you might like