
There's a specific reason I said to send an ATA reset first! IRATEMONK (for it is that) isn't that smart. Doesn't need to be.

If you want to test more thoroughly, or actually dump the object for analysis, as wongarsu says below, the JTAG port or the serial port is the way to go. That's how they get it in there.



Usually a booting PC will issue several IDENTIFY commands and try a SMART health check, and if there is a RAID option ROM then a specific series of READs will be issued. If it really disclosed itself under a simple RESET, READ interrogation then I must be a better malware author than those players. I don't think I am, and I feel that if it gave itself away without ensuring that the OS is really booting, this would be a big flaw. If it were my project, it would be a showstopper. I'm a noob in the sense that I have never considered malware before, so probably the developers (who are smarter than me) thought about it long before I did.

This flaw would also make it much simpler to write a script for MHDD that would reveal the infection on the infected target itself after booting from a floppy.

I think a JTAG probe is not especially useful to analyze a hard disk. The flash on the board is usually only a bootstrap and "physical driver" of sorts. The rest of the firmware is stored on the media - you can see that many disks do not even know what they are if you disconnect the heads and try to identify.

I think JTAG is not commonly in the toolbox of the data recovery guys who dump firmware modules and trade them. DR sometimes involves replacing corrupted firmware that is on the disk, or reprogramming a controller board to match one that's failed. They have bought software and serial port cables, and this seems to handle it for them, so I concluded that there must be a way to dump all of the firmware - on chips and disks - with ATA commands or the serial port, and we know from field-service tools that there is usually a way to update it all with only ATA commands.
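The thread turns on what a disk reports over plain ATA: the IDENTIFY DEVICE block (model, serial, firmware revision, SMART flags) that every booting PC requests. The script below is an added example, not code posted by either commenter and not anything from IRATEMONK analysis: it decodes a raw 512-byte IDENTIFY DEVICE block, verifies the integrity word, and diffs the identity strings against a baseline recorded when the drive was known clean, which is the kind of check one would run from a trusted boot medium. The `identify_device()` function issues the real command through the Linux HDIO_DRIVE_CMD ioctl (as hdparm does); it needs root and a SATA/ATA block device, so it is not exercised offline. The sample block is constructed in-line with made-up model, serial and firmware strings. Caveat that the thread itself raises: a firmware implant can answer IDENTIFY with whatever it likes, so a clean diff is only evidence against a naive implant, not proof of absence.

```python
import struct

HDIO_DRIVE_CMD = 0x031F   # Linux ioctl number, include/uapi/linux/hdreg.h
ATA_CMD_ID_ATA = 0xEC     # IDENTIFY DEVICE


def word(buf: bytes, n: int) -> int:
    """Return 16-bit word n of the IDENTIFY block (little-endian on the wire)."""
    return struct.unpack_from("<H", buf, 2 * n)[0]


def ata_string(raw: bytes) -> str:
    """ATA identity strings are big-endian inside each 16-bit word, so every
    byte pair in the raw buffer must be swapped before it reads as ASCII."""
    swapped = bytearray()
    for i in range(0, len(raw), 2):
        swapped += bytes((raw[i + 1], raw[i]))
    return swapped.decode("ascii", errors="replace").strip()


def decode_identify(buf: bytes) -> dict:
    """Decode the fields of IDENTIFY DEVICE relevant to a firmware check.
    Word offsets follow ATA8-ACS: serial 10-19, firmware 23-26, model 27-46,
    SMART supported word 82 bit 0, SMART enabled word 85 bit 0,
    integrity word 255 (low byte 0xA5, high byte makes the 512-byte sum zero)."""
    if len(buf) != 512:
        raise ValueError("IDENTIFY DEVICE data must be exactly 512 bytes")
    integrity_ok = None                      # None: drive does not implement word 255
    if word(buf, 255) & 0xFF == 0xA5:
        integrity_ok = (sum(buf) & 0xFF) == 0
    return {
        "ata_device": not (word(buf, 0) & 0x8000),   # bit 15 clear = ATA, set = ATAPI
        "serial": ata_string(buf[20:40]),
        "firmware": ata_string(buf[46:54]),
        "model": ata_string(buf[54:94]),
        "smart_supported": bool(word(buf, 82) & 1),
        "smart_enabled": bool(word(buf, 85) & 1),
        "integrity_ok": integrity_ok,
    }


def check_against_baseline(info: dict, baseline: dict) -> list:
    """Compare decoded identity against a baseline captured when the drive was
    known good. Returns a list of findings; empty means nothing differed."""
    findings = []
    for key in ("model", "serial", "firmware"):
        if info[key] != baseline[key]:
            findings.append(f"{key} mismatch: got {info[key]!r}, expected {baseline[key]!r}")
    if info["integrity_ok"] is False:
        findings.append("IDENTIFY integrity checksum failed")
    return findings


def identify_device(path: str) -> bytes:
    """Issue IDENTIFY DEVICE to a real drive via HDIO_DRIVE_CMD (Linux, root).
    Argument layout per hdreg.h: [command, sector number, feature, sector count]
    followed by sector count * 512 bytes of data on return."""
    import fcntl   # imported here so the decoder still runs on non-Linux hosts
    arg = bytearray(4 + 512)
    arg[0] = ATA_CMD_ID_ATA
    arg[3] = 1
    with open(path, "rb") as dev:
        fcntl.ioctl(dev, HDIO_DRIVE_CMD, arg)
    return bytes(arg[4:])


def build_identify(model: str, serial: str, firmware: str, smart: bool = True) -> bytes:
    """Constructed IDENTIFY DEVICE block for offline testing; not captured from
    any real drive. Produces the same byte layout decode_identify() expects."""
    buf = bytearray(512)

    def put(start_word: int, text: str, nbytes: int) -> None:
        padded = text.ljust(nbytes).encode("ascii")
        for i in range(0, nbytes, 2):                 # store each pair byte-swapped
            buf[2 * start_word + i] = padded[i + 1]
            buf[2 * start_word + i + 1] = padded[i]

    put(10, serial, 20)
    put(23, firmware, 8)
    put(27, model, 40)
    struct.pack_into("<H", buf, 2 * 82, 0x0001 if smart else 0)
    struct.pack_into("<H", buf, 2 * 83, 0x4000)       # bit 14 set, bit 15 clear: words 82-84 valid
    struct.pack_into("<H", buf, 2 * 85, 0x0001 if smart else 0)
    buf[510] = 0xA5
    buf[511] = (-sum(buf[:511])) & 0xFF               # make the byte sum zero mod 256
    return bytes(buf)


# Constructed baseline (made-up identity strings) and a block whose firmware
# revision string differs from it.
BASELINE = {"model": "EXAMPLE-DISK-1TB", "serial": "CONSTRUCTED0001", "firmware": "FW01A"}
CLEAN_BLOCK = build_identify(BASELINE["model"], BASELINE["serial"], BASELINE["firmware"])
ALTERED_BLOCK = build_identify(BASELINE["model"], BASELINE["serial"], "FW01B")

if __name__ == "__main__":
    import sys
    block = identify_device(sys.argv[1]) if len(sys.argv) > 1 else CLEAN_BLOCK
    info = decode_identify(block)
    print(info)
    print(check_against_baseline(info, BASELINE) or "no differences from baseline")
```

Run it with no arguments to exercise the decoder on the constructed block, or as root with a device path (for example `/dev/sda`) to query a real drive; the baseline dictionary would be replaced by values recorded from that drive while it was trusted.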



