HP Ships Proliant Server USB Keys With Malware
HP Australia has warned that optional USB keys shipped with some of its Proliant servers are infected by malware.
A batch of 256MB and 1GB USB keys that ship with the servers are infected by the Fakerecy and SillyFDC viruses. The keys are involved in installing optional floppy-disc drives. It’s unclear how many infected USB sticks were distributed.
Fakerecy and SillyFDC are both low-risk worms that spread by copying themselves onto removable media. The malware likely got onto Proliant USB disks via an infected machine in a factory rather than as some part of a targeted attack.
The incident isn’t very threatening since the malware simply isn’t potent enough to do anything useful from the point of view of hackers. It’s also hard to believe that anything but a very small minority of shops would need to support floppy discs on Proliant servers, thereby risking exposure.
Nonetheless the incident illustrates the growing use of USB drives as a vector for viral infection. Previous incidents of infected devices coming out of the factory have cropped up infrequently over the last few months. To date these incidents have involved digital photo frames and the like.
Up to date anti-virus software would detect both the viruses involved in the Proliant USB attack. But that may not help in cases where security software is installed onto servers after floppy disc support is added. Disabling autorun thwarts both the Fakerecy and SillyFDC worms and may be the better option.
You can protect yourself against USB-based (and Fireware) malware with few simple steps:
1) Take the vendor who made the device and do a google news search on it. Odds are you aren’t the first to buy it and if it comes with badware it may be news. If you see a story about it, check the vendor webpage and see if you can compare serial numbers of infected/non-infected versions.
2) Every time you get a USB device scan it for malware before you use it with your anti-virus software’s latest DATs. This includes picture frames, USB keys, SD Cards, USB/Fireware harddrives, iPods, MP3 players, everything.
3) If you do receive a malware hit, try to report and forward it to anti-virus vendors.
4) Even if you do not see any malware, there is a possibility you are not safe. If you notice “odd” behavior of your machine (connections to a random machine you don’t know, changing your default homepage, etc), be wary. Update your DATs and scan with anti-virus.
6) Turn off “autorun” software on your operating system. It makes life less convenient, but it saves you from automatically running software that you don’t want. If you want complete safety and it doesn’t void your warranty/ability to return the device or make the device irrelevant format the drive completely using a data shredder or other tool to torch every single byte that is on the device.
More on CyberInsecure:
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.