Aldi supermarkets withdraw infected hard disks


The Australian media is full of reports that the local arm of German-headquartered supermarket giant Aldi has been selling removable hard drives complete with a pre-installed virus.

Aldi joins an extensive list of companies which have managed similar snafus in the past, including IBM (pre-infected USB keys, given away at a security conference, no less), Olympus (pre-infected cameras), Samsung (pre-infected phones) and Best Buy (pre-infected digital picture frames).

Oh, and Aldi (pre-infected PCs). That's right - Aldi has done this before.

Last time, back in 2007, the virus it shipped was Angelina - a boot sector virus which relies on floppy disks to spread and was largely considered extinct, but obviously wasn't. This time, I'm afraid we don't yet have a name for the virus.

Someone from SophosLabs in North Sydney is making a dash to the local Aldi to see if he can find one that hasn't been withdrawn from sale yet.

If we find out any more details, I'll update this article; if not, I'm sure he'll take the opportunity to pick up a few 24-packs of potato crisps and a couple of metric dozens of ice-cream cornets whilst he's there, so it won't be a wasted trip.

(Update: our field researcher reports that the afflicted devices have gone without a trace, or perhaps were never offered in stores. He sadly failed to return with any comestibles, but did admit to having been "eyeing the pizza oven and the meat slicing machine like in delis." SophosLabs prosciutto pizza, anyone?)

Apparently, the affected device is an external 4-in-1 hard drive, DVD, USB and card reader device. It's still being offered on-line, and at $99, it sounds like quite a useful peripheral to go with a budget netbook which doesn't have much storage or memory card slots of its own. But if you've bought one, I recommend you give it a thorough virus scan.

Or simply zap the hard drive, removing and recreating all the partitions on it. You'll lose all of the freebie software pre-installed on the hard disk, but that's actually highly desirable since the one thing you now know is that you can't trust any of it.

Aldi, one imagines, will now be shopping for a more reliable supplier of peripherals.


8 Responses to Aldi supermarkets withdraw infected hard disks

  1. Kari F. · 1491 days ago

    I don't want to sound like a noob, but how exactly is the virus getting on the drives to begin with? They're obviously not poorly done; it's a new drive, loaded with a software package, I assume. How does the virus get mixed in with the greenlit software to be installed? The same question for all the devices, cameras, phones, etc...

    • Paul Ducklin · 1491 days ago

      Depends how the disk content was mastered, and how the disks were initialised with the desired content.

      Many devices these days come with software used to make the device "ready to go", containing all the software which in the old days would have been on a CD in the box with the device. If that software was created - or copied onto and off - an infected PC at some point in the mastering process, the master image will contain infected files. Bingo. Pre-infected device.

      The final set of files combined into the "master build" for writing to the device might well include content from numerous sources - documentation outsourced to one company; flash demo videos to a second; some demo software bought in from a third; device drivers from a low-level coding company.

      Any one of those file bundles might contain malware, and if the final combination of all the input files isn't thoroughly checked, bingo! The virus ends up in the master image and thus on every disk.

      I've even heard of a case in which a proportion of the devices shipped (this was a giveaway USB key) ended up infected, because a well-meaning tester at the company responsible for making the USB keys took a random sample of keys out of the final batch and "verified" them on an infected PC. The keys came out of the mastering process OK but were infected _afterwards_!

      But instead of feeding the tested keys back into the mastering process (so they'd be genuinely fresh, reinitialised and thus unused before being given out), or discarding them, he decided to prevent wastage by putting the now-infected keys back amongst the ones to be sent out.
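The reply above describes two failure points: unchecked input bundles in the master build, and devices altered after mastering. As an added example (not from the original post or from Sophos), this Python sketch hashes a master build and a sampled device and reports every file that was added, removed or changed; the directory layout and file names are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        manifest[path.relative_to(root).as_posix()] = digest
    return manifest


def compare_to_master(master: dict[str, str], device: dict[str, str]) -> dict[str, list[str]]:
    """Report files a sampled device has gained, lost or changed versus the master."""
    shared = master.keys() & device.keys()
    return {
        "added": sorted(set(device) - set(master)),
        "missing": sorted(set(master) - set(device)),
        "modified": sorted(f for f in shared if master[f] != device[f]),
    }


def demo() -> dict[str, list[str]]:
    """Constructed sample: a master build and a device altered after mastering."""
    with tempfile.TemporaryDirectory() as tmp:
        master_dir, device_dir = Path(tmp, "master"), Path(tmp, "device")
        for d in (master_dir, device_dir):
            (d / "drivers").mkdir(parents=True)
            (d / "drivers" / "setup.exe").write_bytes(b"constructed driver installer")
            (d / "manual.pdf").write_bytes(b"constructed documentation")
        # Simulate a device touched after mastering: one file changed, one file added.
        (device_dir / "drivers" / "setup.exe").write_bytes(b"constructed installer, altered")
        (device_dir / "unexpected.bin").write_bytes(b"constructed extra file")
        return compare_to_master(build_manifest(master_dir), build_manifest(device_dir))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

A clean comparison only shows that the device matches the master, so the master build itself still needs scanning before it is signed off. The comparison should run on a known-clean machine with the sampled device mounted read-only.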

  2. pip · 1491 days ago

    Isn't that a picture of a DVD drive?

    • Paul Ducklin · 1491 days ago

      I assume there's a hard drive in there too, some ports on the back, and a USB hub stashed inside...

      There are no product specs on the website, so I can't tell how deep the device is, but it looks rectangular (and is probably foreshortened by the camera's lens), whereas modern miniature DVD drives are pretty much square. So I imagine there's plenty of room in the enclosure for a laptop drive, set across sideways at the back of the DVD drive.

      Or they put the wrong picture on the site :-)

    • Adam · 1491 days ago

      Read the article properly next time: "Apparently, the affected device is an external 4-in-1 hard drive, DVD, USB and card reader device."

  3. Jeff · 1491 days ago

    What's funny is I can care less about the virus....format the sucker. All I thought from the entire article was "man that's a good idea for a peripheral"

  4. Jim · 1491 days ago

    This should probably teach us all a lesson about consumer awareness: Install an antivirus program on the computer as soon as you get a hard drive and scan it. You could never know what's on a refurbished hard drive.

  5. arjen · 616 days ago

    I own this device and it is impossible to install whatsoever... seems like software like Windows 7 immediately detects malware... strange thing is it did work... 1 time and 1 time only... after that moment lights are blinking but the external drive/DVD combo does not give a reaction...


About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog