[Infowarrior] - HP ships USB sticks with malware

[Richard Forno]

 HP ships USB sticks with malware
By Liam Tung
Staff Writer, CNET News.com Published: April 9, 2008 10:02 AM PDT

http://www.news.com/HP-ships-USB-sticks-with-malware/2100-7349_3-6236976.htm
l?part=rss&tag=2547-1_3-0-20&subj=news


Hewlett-Packard has released a batch of USB keys for numerous Proliant
server models which contain malware that could allow an attacker to take
over an infected system.

The worms contained on the 256KB and 1GB USB drives have been identified as
W32.Fakerecy and W32.SillyFDC. The worms spread by copying themselves to
removable or mapped drives and affect systems running Windows 98, Windows
95, Windows XP, Windows Me, Windows NT and Windows 2000, according to
AusCERT.

HP's Software Security Response Team issued a warning to AusCERT this week
after discovering the worms on the USB drives and has also provided a list
of affected servers to the security response organization.

To find out whether a drive is infected, HP recommends inserting it into a
system with up-to-date antivirus software. Systems with up-to-date antivirus
should be protected from the threat, according to HP.

John Bambenek, a researcher at the security organization Sans Internet Storm
Center, has said that because the infected USBs only affect Proliant
servers, a targeted attack cannot be ruled out.

However, the threat risk from the worms is considered to be low. "This is
probably not going to escalate into a widepread epidemic," Nishad Herath,
senior research scientist at McAfee Avert Labs, told ZDNet.com.au. "But I
would most definitely urge users to perform a virus scan of any
media--including any new blank drives--you receive from vendors prior to
installing/using them as slip-ups like this have been known to happen in the
past."

HP claims the worm-infected USBs will have only affected a small number of
customers.

"HP takes all quality issues very seriously. Because the keys involved are
used to install optional floppy-disk drives, this only affects the USB
Floppy Drive Key kit which is a very low volume option and impacts a very
small percentage of our ProLiant customer base. We've determined root cause
and are fully confident that we have resolved this event. To date, no
customers have reported this issue," a spokesperson for HP told
ZDNet.com.au.

HP has provided an advisory page for customers with affected USB keys.

To find out whether a drive is infected, HP recommends inserting it into a
system with up-to-date antivirus software. Systems with up-to-date antivirus
should be protected from the threat, according to HP.

John Bambenek, a researcher at the security organization Sans Internet Storm
Center, has said that because the infected USBs only affect Proliant
servers, a targeted attack cannot be ruled out.

Liam Tung of ZDNet Australia reported from Sydney.