April 9, 2008 10:02 AM PDT

HP ships USB sticks with malware

By Liam Tung
Staff Writer, CNET News.com

Share
- Digg
- Del.icio.us
- Reddit
- Facebook
Email
Print

Related Stories: The next generation of security threats
December 5, 2007; Infamous Russian malware gang vanishes
November 9, 2007; F-Secure: Low threat from mobile malware
September 27, 2007
Related Blogs: USB flash drives need a condom
Defensive Computing
March 15, 2008

Hewlett-Packard has released a batch of USB keys for numerous Proliant server models which contain malware that could allow an attacker to take over an infected system.

The worms contained on the 256KB and 1GB USB drives have been identified as W32.Fakerecy and W32.SillyFDC. The worms spread by copying themselves to removable or mapped drives and affect systems running Windows 98, Windows 95, Windows XP, Windows Me, Windows NT and Windows 2000, according to AusCERT.

HP's Software Security Response Team issued a warning to AusCERT this week after discovering the worms on the USB drives and has also provided a list of affected servers to the security response organization.

To find out whether a drive is infected, HP recommends inserting it into a system with up-to-date antivirus software. Systems with up-to-date antivirus should be protected from the threat, according to HP.

John Bambenek, a researcher at the security organization Sans Internet Storm Center, has said that because the infected USBs only affect Proliant servers, a targeted attack cannot be ruled out.

However, the threat risk from the worms is considered to be low. "This is probably not going to escalate into a widepread epidemic," Nishad Herath, senior research scientist at McAfee Avert Labs, told ZDNet.com.au. "But I would most definitely urge users to perform a virus scan of any media--including any new blank drives--you receive from vendors prior to installing/using them as slip-ups like this have been known to happen in the past."

HP claims the worm-infected USBs will have only affected a small number of customers.

"HP takes all quality issues very seriously. Because the keys involved are used to install optional floppy-disk drives, this only affects the USB Floppy Drive Key kit which is a very low volume option and impacts a very small percentage of our ProLiant customer base. We've determined root cause and are fully confident that we have resolved this event. To date, no customers have reported this issue," a spokesperson for HP told ZDNet.com.au.

HP has provided an advisory page for customers with affected USB keys.

John Bambenek, a researcher at the security organization Sans Internet Storm Center, has said that because the infected USBs only affect Proliant servers, a targeted attack cannot be ruled out.

Liam Tung of ZDNet Australia reported from Sydney.

Add a Comment (Log in or register) 17 comments

HP & Viruses
by timotaug April 9, 2008 3:10 PM PDT: I purchased an hp dv6500 laptop. all I installed was AVG and ran a scan of the system and 2 of the preloaded games were in fected. ! was a trojan the other a worm. ThE gRANNY GAME AND ONE OTHER. I called to inform them of the issue (which i corrected by deleting the infections) They said there was no way and to try an F-disk to resolve. mind you I just turned it on for the 1st time and installed AVG.; Reply to this comment View reply
Processing

Mac and linux users dont need to worry ever.
by dan356 April 10, 2008 8:53 PM PDT: Yeah yet another advantage of being a mac user. plus im also a linux user. I just dual boot. Hmmm, maybe this is a scare from hp and microsoft to go make people get really expensive anti virus protection because the creators of windows have no skills in making a decent well protected system. The only advantage to windows is gaming. Which if your into next gen gaming chances are you have a ps3 or 360 like i do. So I'm set no need to buy a windows comp for gaming. I think Apple should make their OS multiplatform. It would kill Microsoft in a year. In fact, its been really foolish of Apple to allow microsoft to get really far ahead in the Comp bussiness. But Microsoft is falling really fast in the market. People are just pissed from vista. Yeah if Apple ever allows their OS to be released on Pcs say goodbye to Microsoft. Also, to the people that say the only reason Windows has so many viruses is because everyone uses it. They are dead wrong.... The reason is microsoft only thinks about nerdy bussiness men and gaming. Never about security or anything that a normal web browser would care about. They only upgrade microsoft office, thats about it. It was pretty funny when microsoft said"windows vista is top of the line security" LOL! Now it has at least 500 to 800 viruses. Not to mention loads of spyware.; Reply to this comment View all 4 replies
Processing

The more concerning issue...
by dwinks April 11, 2008 3:02 PM PDT: I think the more concerning issue here is that HP is shipping thumb drives with only 256KB of space. What exactly could someone do with that little space. I think a completely blank office document is larger than that now, let alone one with a few pages of text and graphics.

On the other hand, I have to give kudos to the virus writers for making such a compact and efficient virus that it can fit into just 256KB of space.; Reply to this comment


by UNiHacker June 3, 2008 6:30 AM PDT: this isn't a surprise. I do find it funny that they actually recommend plugging an infected device into a computer for cleansing. Thats funny. Lawlz. HP got pwned.

http://www.unihacker.com; Reply to this comment


by tghounsell June 19, 2008 10:23 AM PDT: Your comment is basically nothing but flame-bait. And you haven't even picked a relevant story. This malware has nothing to do with OS security. If HP made OSX-based servers, the malware would be OXS-based malware. This malware doesn't need to circumnavigate security defenses, because it's trusted code.; Reply to this comment


by June 20, 2008 9:08 AM PDT: See how blocking devices will decrease malware infections:

http://extremesecurity.blogspot.com/2008/06/stop-malwares-using-device-control-real.html; Reply to this comment


by mbridge July 28, 2008 10:07 PM PDT: Thankfully "HP takes quality seriously." Otherwise they may have sent out USB sticks with malware on them.

Seriously, it was good of them to come forward and admit to their mistake to the customers who purchased the sticks.

http://www.MBridge.com; Reply to this comment


by revenant2 August 9, 2008 2:40 PM PDT: How can this happen? I've never heard this before.

sizegenetics clearpores; Reply to this comment

Latest tech news headlines

Audio slideshow: Video game orchestra
Posted in News - Gaming and Culture by James Martin

August 29, 2008 5:19 PM PDT
Intel acquires Linux mobile developers for Atom
Posted in News - Business Tech by Tom Espiner

August 29, 2008 5:11 PM PDT
Few tech tracks for McCain's VP pick
Posted in News - Politics and Law by Stefanie Olsen

August 29, 2008 5:09 PM PDT

RSS Feeds

Add headlines from CNET News.com to your homepage or feedreader.

More feeds available in our RSS feed index.

Inside CNET News

Scroll Left Scroll Right

News - Business Tech
Intel acquires Linux mobile developers for Atom
The chip giant has acquired open-source mobile specialist Opened Hand, which will now focus on developing a Linux software stack for Atom processors.
Gallery
Photos: Your ticket to the Democratic convention
News - Apple
Tethering coming soon to iPhone 3G?
If the latest e-mail claiming to be the work of Apple's CEO is accurate, iPhone 3G owners might soon be able to get their laptops online using their phone.
Outside the Lines
EIC Squared: Psystar vs. Apple, Cisco vs. Microsoft, Dell's cloud
On this episode of the EIC Squared podcast, CNET News' Dan Farber and ZDNet's Larry Dignan discuss the week's news.
Video
USB device spies on mobile phones
News - Wireless
Europe reduces cap on voice-roaming prices
Price reductions are due to EU regulation that aims to "curb the excessive roaming charges consumers had to pay for roaming calls."
Video
Up close with one-to-one computing
News - Gaming and Culture
Audio slideshow: Video game orchestra
In this audio slideshow, a symphony orchestra takes us on a trip down memory lane playing some of the most dynamic video game music written to date.
News - Cutting Edge
Art design for the masses, chosen by the masses
Industry execs say crowdsourcing is one of the best ways to stay on top of consumer trends, so a host of new sites are asking professional and armchair designers to submit art for sneakers, skateboards, car art, and stationery.
Gallery
Photos: Up close and one-to-one
The Daily Download
Earn your bandwidth black belt
Comcast will start implementing bandwidth limits in October, and hasn't even guaranteed users a tool to monitor their downloading. Here's a round-up of free programs you can use in the meantime, for both Windows and Mac.
News - Politics and Law
Democrats find 'green' political convention tough to enforce
The idea of the "greenest" convention in the party's history was an attractive one. But tens of thousands of humans generate a lot of trash. And not everyone wanted to give up their Yukon XL SUVs.