Posted by: Eric Parizo
Information Security Threats, Platform Security
Experts have said for some time that the era of pre-installed malware may be right around the corner. Today, there’s no question that corner has been turned, as the Australian Computer Emergency Response Team (AusCERT) has learned that optional USB 2.0 floppy drive keys shipping with certain Hewlett-Packard Co. ProLiant servers have been infected with malware.
According to AusCERT, the keys may be infected by viruses called ‘W32.Fakerecy’ or ‘W32.SillyFDC’. The part numbers of the infected keys are 442084-B21 and 442085-B21. They are shipping with some of HP’s ProLiant class BL, DL and ML servers and other related equipment.
In a post on the SANS Internet Storm Center (ISC) website, handler John Bambenek wrote that since the available information suggests the keys were shipped only with ProLiant servers, it could either be a random effort on the part of attackers, or it’s part of a scheme to target a specific product or group. Regardless, Bambenek wrote, it’s time to be concerned with USB-based attack vectors.
It’s worth noting the growing trend in which attackers focus their efforts on pre-installed malware. Platform security expert Michael Cobb recently addressed the issue of rootkits being pre-installed on USB thumb drives. There’s also the related threat of cross-build injection attacks, in which application developers rely on external dependencies with pre-assembled third-party components that surreptitiously had malicious code added to them. With this news, ISC suggests the hacker battleground may have now moved to the floors of manufacturing facilities worldwide.