
Archive for November 13th, 2007


Nov13
by Irene Vicente (Technical Communications)

In Taiwan, new Seagate Maxtor Basics hard drives carry malware, reports Taipei Times. The infected drives have a 500GB capacity and were reportedly manufactured in Thailand.

The article in the Taipei Times points to China as the culprit behind this fiasco, as the malware found in the infected drives uploads information from affected systems to Web sites with a .cn domain. Trend Micro Network Architect Paul Ferguson points out that while China may be the prime suspect, it could be a different entity altogether, as one of the hosts points to Dallas, Texas [75.{BLOCKED}.{BLOCKED}.113] and the other to Korea [222.{BLOCKED}.{BLOCKED}.190]. Ferguson acknowledges, however, that it’s easy for cybercriminals to register domains in China and have the actual hosts located geographically elsewhere.

Trend Micro detects the malware found in the infected hard drives as follows:

Taiwanese authorities have instructed Seagate’s Taiwan distributor to remove the affected products from store shelves immediately.

Continuing enmity between Taiwan and China may be behind the finger-pointing, but several pieces of malware lurking in new, supposed-to-be-clean hardware is another, more pressing reality for computingdom. Another door has been opened for malware. For now, the only window open for information security is the immediate scanning of newly bought computers against “pre-natal infection.”

Nov13
by Bixie Villavicencio (Technical Communications)

Under the US federal wiretap statute, John Schiefer has been charged with conducting illegal botnet activities. eWeek reports that Schiefer has pleaded guilty to four felony counts, namely accessing protected computers to conduct fraud, disclosing illegally intercepted electronic communications, wire fraud, and bank fraud.

Schiefer and his gang reportedly infected almost 250,000 vulnerable computers to create a botnet that can mine PayPal user names and passwords, and other personal or financial information. The botherder is facing a maximum sentence of 60 years imprisonment and a fine of $1.75 million.

This is the first criminal case of its kind and we certainly hope it won’t be the last. Pokemon heroes got it right when they say, “Gotta catch ‘em all!” because the botnet problem will continue to be a problem otherwise.

Posted in Botnet, News |

Nov13
by Macky Cruz (Technical Communications)

The idea has indeed taken flight. Previously, we had encountered spam links playing around with the Google ranking system through the use of its “I’m Feeling Lucky” functionality. Now, it’s AOL search’s turn.

The following link:

http:// search.aol.com/%61%6F%6C/%72%65%64%69%72?%63%6C%69%63%6B%65%64I%74%65%6DURN=%68%74%74%70%3A//zaWlGTLKvOtgvxiTSLxWvcoTt%2E%6B%6F%63%6E%6F%77%61%2E%63%6F%6D

looks like this when de-obfuscated:

http:// search.aol.com/aol/redir?clickedItemURN=http://{BLOCKED}TLKvOtgvxiTSLxWvcoTt.kocnowa.com

And in fact leads to the following site:

[Image: spam site]

The link turns out to be taking advantage of open redirectors. An open redirector is an application that redirects users to target Web sites automatically (without the need for verification). Redirection by itself is a useful tool for Web site admins who do not want to ‘lose their audience.’ If a user enters a URL that is predictably related to (but not exactly) the site she is looking for, the browser can redirect her to the site itself or to a page in the site that can help her find some answers.

But as we realize time and again, tools can be used for both good and bad results. This is the case with redirectors. Since the specially crafted link starts off with http://search.aol.com while the rest of the URL is obfuscated, spammers can hope to evade spam filters. They only have to make sure that the spam site is the only site referred to in the formulated AOL search result link. This tactic has, in fact, been around for quite some time.
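How a mail or URL filter could see through this kind of link, as an added example (not code from the original post or from Trend Micro): it splits the URL before decoding it, reports any parameter that carries a URL on another host, and counts escapes that serve no purpose except obfuscation. The sample link is constructed; it reuses the search.aol.com/aol/redir and clickedItemURN shape shown above with a placeholder target host.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample: same shape as the link above (AOL host, /aol/redir,
# clickedItemURN) but with a placeholder target host.
SAMPLE = ("http://search.aol.com/%61%6F%6C/%72%65%64%69%72"
          "?%63%6C%69%63%6B%65%64I%74%65%6DURN="
          "%68%74%74%70%3A//spam-target%2E%65%78%61%6D%70%6C%65")

def needless_escapes(url):
    """Count %XX escapes of unreserved characters (RFC 3986), which never
    need encoding and so mostly serve to hide text from filters."""
    n = 0
    for m in re.finditer(r"%([0-9A-Fa-f]{2})", url):
        ch = chr(int(m.group(1), 16))
        if ch.isascii() and (ch.isalnum() or ch in "-._~"):
            n += 1
    return n

def fully_decode(value, max_rounds=5):
    """Undo nested percent-encoding, with a cap on the number of rounds."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_link(url):
    """Split first, decode second, then list parameters that carry a URL
    on a host other than the one the link appears to belong to."""
    parts = urlsplit(url)
    carrier = (parts.hostname or "").lower()
    offsite = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        value = fully_decode(value)
        if not re.match(r"(?i)(?:[a-z][a-z0-9+.-]*:)?//", value):
            continue  # not an absolute or scheme-relative URL
        host = (urlsplit(value).hostname or "").lower()
        # Exact host or subdomain counts as same site; a production filter
        # would compare registrable domains via the Public Suffix List.
        if host and host != carrier and not host.endswith("." + carrier):
            offsite.append((name, host))
    return {"carrier": carrier, "path": unquote(parts.path),
            "needless_escapes": needless_escapes(url), "offsite": offsite}

if __name__ == "__main__":
    print(inspect_link(SAMPLE))
```

A link that combines an off-site target with a high count of needless escapes is a much stronger signal than either finding alone, since legitimate redirect links rarely encode plain letters.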

Regardless of the motivation, it remains clear that anything used to mislead a user is a violation of his rights and privacy. Users should double-check the URL of the sites they are visiting time and again to make sure they do not fall victim to similar attacks.

Information provided by Senior Threat Analyst Joey Costoya

Posted in Spam |


© Copyright 2008 Trend Micro Inc. All rights reserved.