Circa 1956 brain in questionable condition:
I have a computer that I am very careful with. It has things on it I need to protect. But I really screwed up during a time when I was distraught from family issues and in a hurry. It's not easy to admit what happened but here goes. I have a small company and I am a QuickBooks user. I really needed to get some quarterly forms filed and get back to the nursing home. Something went wrong in QB and I googled for the direct number for tech support. I am getting old and I didn't have my computer glasses on, something I don't recommend. Google brought up 800-615-0869 but I was rushing and didn't check it out fully. I called and they were eager to help, just like good old Intuit. (Intuit later told me this is NOT one of their numbers.) They wanted to get on my machine with Logmein Rescue. I reluctantly did it. I was watching them and it seemed like no big deal. Then they sent me to their senior guy for help. He tried to show me in the log files that things were really hosed up. It was going to take several hours and they wanted $299. When I balked things quickly turned hostile. I disconnected from Logmein, hung up, and powered down. I queried the Logmein people hoping for a response as to whether a file could have transferred to my system (and been run) without my knowledge. I did not even get the courtesy of a reply. I grabbed an old hard drive, restored my latest Acronis image (will be doing the backups a lot more frequently now), updated Windows, Quickbooks, etc., etc., and restored my data directory from my NAS. I get sloppy with my whole system images sometimes but I am very good about copying my data directory to the NAS every time I do anything at all on this computer. And, of course, the real Intuit had the problem fixed in no time for no charge.
So, if anyone actually made it through that whole saga and is still with me, I have a question. Right now I'm treating that old hard drive like it has the plague. I enjoy Steve Gibson and Bruce Schneier but I haven't kept up for the past year or so. In the unlikely event that I find later that I missed something that I need, how virulent is malware these days? If I just plug the old drive into a cradle to retrieve a data file will I be at risk? I mean, we aren't to the point where they're infecting SMART systems or anything else that runs just because the drive is powered up, are we?
If you like happy endings then I will tell you that as I was spending several hours changing all my passwords (I even backup LastPass to that PC) I found that none of my bank accounts had been routed and there was no sign that anyone accessed any of my accounts. Maybe some days the gods smile on dumba**es!