HP Ships USB sticks with Malware

ZDNet News | HP Ships USB sticks with Malware | Apr 9 2008 | link

Hewlett-Packard has released a batch of USB keys for numerous Proliant server models which contain malware that could allow an attacker to take over an infected system.

The worms contained on the 256KB and 1GB USB drives have been identified as W32.Fakerecy and W32.SillyFDC. The worms spread by copying themselves to removable or mapped drives and affect systems running Windows 98, Windows 95, Windows XP, Windows Me, Windows NT and Windows 2000, according to AusCERT.

Not only would I like to know how something like this happens but I’m especially concerned that the sticks shipped with Proliant servers instead of a normal desktop. This indicates a higher level of viciousness on the perpetrator. HP should be all over this and be as transparent as possible.

Finally, if you look at the comments one reader notes that many USB sticks off the shelves have malware installed, so much so that her employer (DoD) will not allow them. I can verify if this is true or not but it leads me to ask 2 questions.

1. Have you ever obtained a new USB stick and found malicious software on it?
2. What would be the safest way to do a format of a new key w/out comprising your main system?

Leave a Reply