According to a new security bulletin from HP, some of their ProCurve 5400zl switches may have shipped with malware-laden compact flash cards. While HP does state that inserting one of the infected cards into a computer could compromise the system, they don’t offer many other details — like whether or not the malware can self-propogate while the card is sitting in a switch.
They also didn’t specify which malware was found on the cards, and it’s not yet known how the cards became infected in the first place. Not all 5400zl switches are affected, however, just the specific serial numbers listed on HP’s website, all of which were sold starting in May of 2011.
Two resolves are being offered. For administrators who don’t mind a little downtime, HP will ship a replacement management module and deal with the malware removal. The switches can also purge the unwanted contents of the cards themselves via a script that can be run after establishing a console session. The second option, HP says, should have no impact on network operation and it also avoids the potential threat posed by inserting the card into a PC to attempt malware removal.
This isn’t the first time a big-name company has discovered that products they’ve shipped had been used as malware mules. Dell had a similar issue in 2010, when the Spybot worm was found hiding out on replacement motherboards. Like these ProCurve switches, digital cameras, MP3 players, and mobile phones from companies including Olympus and Samsung have shipped in the past few years with infected memory cards.
More at Security Week
Article source: http://www.geek.com/articles/news/hp-enterprise-switches-shipped-with-malware-on-flash-cards-20120412/
View full post on National Cyber Security » Virus/Malware/Worms
