HP ships USB sticks with malware included

By Liam Tung, ZDNet Australia
Wednesday, April 09, 2008 09:14 AM

HP has released a batch of USB keys for numerous Proliant server models which contain malware that could allow an attacker to take over an infected system.

The worms contained on the 256KB and 1GB USB drives have been identified as W32.Fakerecy and W32.SillyFDC. The worms spread by copying themselves to removable or mapped drives and affect systems running Windows 98, Windows 95, Windows XP, Windows Me, Windows NT and Windows 2000, according to AusCERT.

HP's Software Security Response Team issued a warning to AusCERT this week after discovering the worms on the USB drives and have also provided a list of affected servers to the security response organization.

To find out whether a drive is infected, HP recommends inserting it into a system with up-to-date antivirus software. Systems with up-to-date antivirus should be protected from the threat, according to HP.

John Bambenek, a researcher at the security organization Sans Internet Storm Center, has said that because the infected USBs only affect Proliant servers, a targeted attack cannot be ruled out.

However, the threat risk from the worms is considered to be low. "This is probably not going to escalate into a widepread epidemic," Nishad Herath, senior research scientist at McAfee Avert Labs, told ZDNet Asia sister site ZDNet Australia. "But I would most definitely urge users to perform a virus scan of any media--including any new blank drives--you receive from vendors prior to installing/using them as slip-ups like this have been known to happen in the past."

HP claims the worm-infected USBs will have only affected a small number of customers.

"HP takes all quality issues very seriously. Because the keys involved are used to install optional floppy-disk drives, this only affects the USB Floppy Drive Key kit which is a very low volume option and impacts a very small percentage of our ProLiant customer base. We've determined root cause and are fully confident that we have resolved this event. To date, no customers have reported this issue," a spokesperson for HP told ZDNet Australia.

HP has provided an advisory page for customers with affected USB keys.


WORTHWHILE?

0

0 votes
Blog

Talkback 0 comments

There are currently no comments for this post.


Tech Jobs Now!

Search for your ideal tech job:

News from Countries/Region

Common ways IT wastes money on development

Web Development

Examples include using developers as support staff and failing to calculate a project's ROI before giving it the go-ahead.


Read more »



  • Enterprise 2.0

    Vince Casarez, vice president of product management at Oracle, explains how Web 2.0 technologies, such as tags, wikis, and mash-ups, can be applied within an organization.
    Play video


  • Nehalem Architecture

    What makes next-generation Intel® Microarchitecture (Nehalem) such a superior successor?
    Play video

 
Free the untapped potential of your IT infrastructure
Reduce bottlenecks to drive the efficiency and productivity of Business IT.
» Ultimate virtualization blade
» Scalable SAN solution
» Accelerate service delivery
On demand CRM goes strategic
CRM technology has come of age, and is now able to align with your customer strategy and grow in step with your business.

» Learn more about Oracle’s CRM Solutions



Could this be the most critical budget for India?

Blog thumbnail

For business journalists in India, budget time is excitement time. It's like sports journos covering the Olympics. As a newspaper correspondent, I too had my fill of budget-time excitement. But..... by Swati Prasad

Read more »

Tags

  1. attack
  2. bank
  3. blog
  4. data security
  5. e - mail
  6. hacking
  7. internet
  8. malware
  9. microsoft corp.
  10. network
  11. network security
  12. pc security
  13. researcher
  14. security
  15. security management
  16. software
  17. spam and phishing
  18. u.s.
  19. viruses and worms
  20. web