HP admits to selling infected flash-floppy drives
Hybrid devices for ProLiant servers pre-infected with worms, HP says
Computerworld - Hewlett-Packard Co. has been selling USB-based hybrid flash-floppy drives that were pre-infected with malware, the company said last week in a security bulletin.
Dubbed the HP USB Floppy Drive Key, the device is a combination flash drive and compact floppy drive and is designed to work with various models of HP's ProLiant Server line. HP sells two versions of the drive, one with 256MB of flash capacity and the other with 1GB of storage space.
A security analyst at the SANS Institute's Internet Storm Center (ISC) suspects that the infection originated at the factory and was meant to target ProLiant servers. "I think it's naive to assume that these are not targeted attacks," said John Bambenek, who is also a researcher at the University of Illinois.
HP confirmed in an April 3 advisory that both versions of the flash-floppy drive may come with a pair of worms, although the company offered few details. It did not, for instance, say how many of the drives were infected, where in the supply chain the infections occurred or even when they were discovered.
If a compromised drive is plugged into a USB port on any machine on the network, the worms may spread "to any mapped drives on the server," HP's alert said.
Up-to-date antivirus software should detect the malware, but HP didn't specify which of the many available programs would find and then delete the worms. Symantec Corp., for example, has signature definitions in its collection for both pieces of malicious code, which it identifies as "Fakerecy" and "SillyFDC."
HP's recommendations included scanning the devices for infection, but the company did not answer questions about the pre-infected drives.
The problem isn't limited to HP and the flash-floppy drives it sells for its servers. In January, big-box retailer Best Buy Co. admitted it sold digital photo frames during the 2007 holidays that contained malware. Best Buy did not recall the frames.
The ISC's Bambenek put the HP gaffe in context. "We've seen some miscellaneous devices [infected] here and there, but in the last four months, first we saw it with a USB key for Check Point's firewall, and now with servers today," he said. The Check Point Software Technologies USB infection was reported a couple of weeks ago to ISC by an end user and quietly and quickly fixed by the security vendor, Bambenek said.
Bambenek also outlined several steps people can take to ensure that hardware isn't factory-infected, including scanning it for malware, searching the Internet for news or security advisory reports and returning any device that shows signs of infection.
"To be safe, yes, you should scan every piece of hardware," he said. "Certainly with devices distributed by corporations."
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts