Security Bytes

Apr 7 2008   3:25PM GMT

HP: Would you like some malware with your server?

Eric Parizo Eric Parizo Profile: Eric Parizo

Experts have said for some time that the era of pre-installed malware may be right around the corner. Today, there’s no question that corner has been turned, as the Australian Computer Emergency Response Team (AusCERT) has learned that optional USB 2.0 floppy drive keys shipping with certain Hewlett-Packard Co. ProLiant servers have been infected with malware.

According to AusCERT, the keys may be infected by viruses called ‘W32.Fakerecy’ or ‘W32.SillyFDC’. The part numbers of the infected keys are 442084-B21 and 442085-B21. They are shipping with some of HP’s ProLiant class BL, DL and ML servers and other related equipment.

In a post on the SANS Internet Storm Center (ISC) website, handler John Bambenek wrote that since the available information suggests the keys were shipped only with ProLiant servers, it could either be a random effort on the part of attackers, or it’s part of a scheme to target a specific product or group. Regardless, Bambenek wrote, it’s time to be concerned with USB-based attack vectors.

It’s worth noting the growing trend in which attackers focus their efforts on pre-installed malware. Platform security expert Michael Cobb recently addressed the issue of rootkits being pre-installed on USB thumb drives. There’s also the related threat of cross-build injection attacks, in which application developers rely on external dependencies with pre-assembled third-party components that surreptitiously had malicious code added to them. With this news, ISC suggests the hacker battleground may have now moved to the floors of manufacturing facilities worldwide.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: