Overclock.net › Forums › Industry News › Technology and Science News › [Webroot] Hewlett-Packard shipping malware-infected compact flash cards
New Posts  All Forums:Forum Nav:

[Webroot] Hewlett-Packard shipping malware-infected compact flash cards

post #1 of 9
Thread Starter 
Posted 2 days ago, but still i want to share:
Quote:
Earlier this week, HP’s Software Security Response Team issued a security bulletin, alerting users that certain HP ProCurve 5400 zl switches were shipped with malware installed on the associated compact flash cards.
Quote:
HP isn’t the first company to ship Certified Pre-Owned (CPO) hardware. Moreover, in 2008, the company once again shipped hardware with malicious software — W32.Fakerecy and W32.SillyFDC – on it, this time it was infected 256K / 1GB USB Drives.

These incidents are the result of a flawed quality assurance process, allowing cybercriminals an even deeper penetration in a company’s supply chain.

End and corporate users are advised to check whether their HP switch is malware-infected, and to follow the steps presented in the security bulletin in order to mitigate the risk posed by the infected compact flash cards.

Source - Webroot's Threat Blog

HP offers the customers either run a script on their system, or actually replace the hardware.
Edited by Colt - 4/17/12 at 11:47am
L'ordinateur
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 950 ASUS P6X58D-E Sapphire 6870 G.Skill Ripjaw 3x2GB 
Hard DriveCoolingOSMonitor
WD Caviar Black 1TB Noctua D-14 Win7 x64 Samsung 731B 
KeyboardPowerCaseMouse
HP OEM thingy Sapphire Pure 950w Antec DF-30 Logitech MX110 
Audio
Corsair Vengeance 1500 
  hide details  
Reply
L'ordinateur
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 950 ASUS P6X58D-E Sapphire 6870 G.Skill Ripjaw 3x2GB 
Hard DriveCoolingOSMonitor
WD Caviar Black 1TB Noctua D-14 Win7 x64 Samsung 731B 
KeyboardPowerCaseMouse
HP OEM thingy Sapphire Pure 950w Antec DF-30 Logitech MX110 
Audio
Corsair Vengeance 1500 
  hide details  
Reply
post #2 of 9
Who buys 256K, or 1gb for that matter? 2gb is about $10 at your local walmart. Even cheaper on Amazon. Most people buy Sandisk anyways. Although, I have seen people actually use an HP drive before.
MSI EX625
(13 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core 2 Duo P7350 MSI MS-1674 ATI Radeon HD Mobility 4670 4GB 
Hard DriveOptical DriveOSMonitor
Samsung 320GB Sony CD/DVD writer Windows 7 Home 64-bit 16" 1366x768 
  hide details  
Reply
MSI EX625
(13 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core 2 Duo P7350 MSI MS-1674 ATI Radeon HD Mobility 4670 4GB 
Hard DriveOptical DriveOSMonitor
Samsung 320GB Sony CD/DVD writer Windows 7 Home 64-bit 16" 1366x768 
  hide details  
Reply
post #3 of 9
Quote:
Originally Posted by cloudbyday View Post

Who buys 256K, or 1gb for that matter? 2gb is about $10 at your local walmart. Even cheaper on Amazon. Most people buy Sandisk anyways. Although, I have seen people actually use an HP drive before.

I've got a plethora of 1gb sticks ( cost all of $1/ea ) filled with bootable ISO's of Linux distro's.
post #4 of 9
I got a cure for it too.. Its called DON'T BUY THEIR CRAP..biggrin.gif
Mah BABY!
(16 items)
 
  
CPUMotherboardGraphicsRAM
MOS Tech 6510 Commodore VIC-II (320 X 200) 64K RAM 20K ROM 
Hard DriveCoolingOSMonitor
1541 Disk Drive Air Cooled Commodore Basic 2.0 Built in 5 inch CRT Monitor 
KeyboardPowerCaseMouse
Detachable SX-64 Keyboard with OEM keyboard cable. IEC-C14 connector (Standard three prong compute... OEM Don't need no mouse! 
Mouse PadAudioOther
Don't need no mouse pad! SID 6581 Sound Chip Final Cartridge III+ and SD2IEC drive. 
  hide details  
Reply
Mah BABY!
(16 items)
 
  
CPUMotherboardGraphicsRAM
MOS Tech 6510 Commodore VIC-II (320 X 200) 64K RAM 20K ROM 
Hard DriveCoolingOSMonitor
1541 Disk Drive Air Cooled Commodore Basic 2.0 Built in 5 inch CRT Monitor 
KeyboardPowerCaseMouse
Detachable SX-64 Keyboard with OEM keyboard cable. IEC-C14 connector (Standard three prong compute... OEM Don't need no mouse! 
Mouse PadAudioOther
Don't need no mouse pad! SID 6581 Sound Chip Final Cartridge III+ and SD2IEC drive. 
  hide details  
Reply
post #5 of 9
These aren't your standard compact flash or thumb drives you buy in a store guys.These are the flash cards with the OS for running there enterprise level switches. That were sold as Certified Pre Owned. Or Refurb for those that dont understand or read the article.
SixthElement
(17 items)
 
   
CPUMotherboardGraphicsRAM
i7-4770k Z87-GD65 MSI R7950 TF3 RipjawsX 8G 1600 CL9 
Hard DriveHard DriveOptical DriveCooling
OCZ Vertex 3 Western Digital Caviar Black LG DVD Multi / Lightscribe H100 
OSMonitorKeyboardPower
Win 7 Ult x64 Samsung 2494SW CM Storm Quickfire Reds Corsair HX750 
CaseMouseMouse PadAudio
550D G700 XTrac Ripper XXL Onkyo TX-SR804 
Audio
Bowers & Wilkins 686 BookShelfs 
CPUMotherboardGraphicsRAM
AMD 1090t 990FXA-UD7 MSI R7950 TF3 TBD 
Hard DriveOSPowerCase
Samsung 20G Win 7 Ultimate Corsair CM650 Fractal Design XL 
  hide details  
Reply
SixthElement
(17 items)
 
   
CPUMotherboardGraphicsRAM
i7-4770k Z87-GD65 MSI R7950 TF3 RipjawsX 8G 1600 CL9 
Hard DriveHard DriveOptical DriveCooling
OCZ Vertex 3 Western Digital Caviar Black LG DVD Multi / Lightscribe H100 
OSMonitorKeyboardPower
Win 7 Ult x64 Samsung 2494SW CM Storm Quickfire Reds Corsair HX750 
CaseMouseMouse PadAudio
550D G700 XTrac Ripper XXL Onkyo TX-SR804 
Audio
Bowers & Wilkins 686 BookShelfs 
CPUMotherboardGraphicsRAM
AMD 1090t 990FXA-UD7 MSI R7950 TF3 TBD 
Hard DriveOSPowerCase
Samsung 20G Win 7 Ultimate Corsair CM650 Fractal Design XL 
  hide details  
Reply
post #6 of 9
1. Simple way to mitigate risk.
2. Data gets stolen as a result of lousy QA.
3.Sue the snot out of HP.
4. ???
5. Profit

Plan B:
Don't buy from HP
Ereshkigal
(13 items)
 
  
CPUMotherboardGraphicsRAM
E8400 ASUS P5B DELUXE EVGA 8800GTS 2GB G.SKILL DDR2 800MHZ 
Hard DriveOSMonitorKeyboard
western digital 200GBSATA XP SP2 Home 19" generic Saitek Eclipse Red 
PowerCaseMouseMouse Pad
stock 410W / TT dedicated GPU 250W PSU INWIN x710 Logitech MX1000 ... Uhhhh my desk 
  hide details  
Reply
Ereshkigal
(13 items)
 
  
CPUMotherboardGraphicsRAM
E8400 ASUS P5B DELUXE EVGA 8800GTS 2GB G.SKILL DDR2 800MHZ 
Hard DriveOSMonitorKeyboard
western digital 200GBSATA XP SP2 Home 19" generic Saitek Eclipse Red 
PowerCaseMouseMouse Pad
stock 410W / TT dedicated GPU 250W PSU INWIN x710 Logitech MX1000 ... Uhhhh my desk 
  hide details  
Reply
post #7 of 9
thats some intense stuff.. these bugs get into switches they can bring a company to its knees ^ps Rebelord love the avatar wink.gif
post #8 of 9
guess who makes HP flash parts?........ PNY go figure
post #9 of 9
HP FTW!

Interesting how malware could get into products prior to end user use... Obviously they don't do much quality control and checking storage space... you think it would show up on the cards in "used space" on the drive....hmm
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Technology and Science News
Overclock.net › Forums › Industry News › Technology and Science News › [Webroot] Hewlett-Packard shipping malware-infected compact flash cards