Malware-laden cards delivered with HP switches
HP issued a security a security bulletin notifying buyers of its ProCurve 5400 zl switches that the compact flash cards contained in it might be infected with a virus.
Practically no details about the malware in question have been shared, but it seems that the switch itself is not affected by it.
“Reuse of an infected compact flash card in a personal computer could result in a compromise of that system’s integrity,” though.
The list of affected devices is given in the bulletin, and users who purchased a HP 5400 zl series switch after April 30, 2011 should definitely take a look at it. HP offers two solutions for getting rid of the malware: a software purge option or a plain and simple hardware replacement.
It is impossible to know how the compact flash cards got infected without additional sharing of information from the company, but the most likely explanation is that a computer involved in the manufacturing process was infected and passed the infection on.
Incidents such as this one are unavoidable in the long run but, luckily, very rare.
The most important thing for the manufacturers is that they promptly, sincerely and adequately respond to them – a lesson that some have hopefully learned after handling them badly.