Outline Circulating warnings claim that a 4-in-1 Hard Drive device sold at Australian ALDI stores contains malware.
The claims in the warnings are true. AusCERT and other reliable sources have confirmed that an old version of the Conficker malware is installed on the ALDI External 4-in-1 Hard Drive devices. ALDI has reportedly now withdrawn the devices.
ALDI External 4-in-1 Hard Drive, DVD, USB and Card Reader Device $99
Reads and writes both CD and DVD Pre-installed 320GB hard drive
Built-in USB hub and card reader Perfect for notebooks Plug and play
This device contains malware. One of ALDIís special buys from Thursday 28 July.
Device can steal data from computer systems and enable remote access to the attached computer system.
Ensure your computerís anti-virus software is up to date.
Warnings that are currently circulating via email and social media claim that a Hard Drive device sold by Aldi stores in Australia contains malware. One such circulating warning takes the form of a Queensland Police Intelligence Bulletin originally intended for internal police use only. According to the warnings, the "ALDI External 4-in-1 Hard Drive, DVD, USB and Card Reader Device" comes with malware already installed that can steal information from attached computers and allow third parties remote access.
The claims in the warnings are true. On July 28, 2011, The Australian Government Stay Smart Online Alert service published an alert about the issue which notes:
Aldi stores are currently selling an External 4-in-1 Hard Drive, DVD, USB and Card Reader which may contain malware. If infected, your personal and/or business information may be accessed for fraudulent or illegal purposes (eg, identity theft).
The Australian Computer Emergency Response Team (AusCERT) has also published an alert about the devices. According to AusCERT, the devices contain an old variant of the notorious Conficker malware which was first launched back in 2008. Given its age, most up-to-date antivirus scanners should be able to detect and deal with this threat.
If you have bought and used one of these devices, you may wish to format the hard drive on the device and conduct a full virus scan of your system. Alternatively, return the device to ALDI. ALDI has now issued a voluntary public recall of the devices, although, at the time of writing, the devices were still being promoted via the company's website.