Published in News
HP admits selling infected USB flash drives
by David Stellmack on08 April 2008
Were pre-infected with malware
Hewlett-Packard has admitted in a security bulletin that it released last week to selling USB-based hybrid flash-floppy drives that contained malware and were infected with computer viruses at the HP plant. The HP USB Floppy Drive Key is a flash drive that replaces the floppy drive and it was designed to work with HP’s ProLiant Server line of various models.
Security analysts stated that the infection was targeted at HP’s ProLiant servers and was intentionally planted. HP has confirmed that the flash-floppy drive may come with a pair of worms, but did not offer further details.
It did not indicate how many of its drives were suspected to be infected, how the infection was discovered or where or when the infections occurred. HP’s alert advised that a compromised drive that was plugged into a USB port on any network machine could spread the worms to any mapped drives on the server.
While current anti-virus software should find the malware, HP did not indicate which software would better find and eliminate the worms. Symantec reportedly has ‘signature definitions’ for both malicious codes, which are identified as “SillyFDC” and “Fakerecy.”
Apparently, HP isn’t the only company with infected flash-floppy drives that are for use on servers. Retailer BestBuy has reportedly admitted that it sold digital photo frames during the recent holiday season that contained malware, yet BestBuy so far has offered no recall to those who purchased the frames.