HP Warns Of Malware-Infected Flash Cards

A “potential security vulnerability” in flash cards shipped with ProCurve 5400zl network switches could lead to HP customers accidentally exposing their computers to malware.

The company issued a warning on Tuesday saying that only switches purchased after 30 April 2011 were affected, listing serial numbers of the products that may have been compromised.

Malware mishap

The warning does not clarify how the flash cards became infected and what kind of malware was contained, but offers two possible solutions.

The first suggests a “software purge” in which HP would provide a script for the switch manager to run. This will supposedly delete the files and directories without exposing the computer to malware contained on the flash card. In this solution, the customer will experience no downtime.

In the second solution however, uptime would be affected as users would be required to fully replace the Management Module. This option is “for those customers who have 5400zl switch inventory that is not on their network and must be purged” and any customers who do not feel comfortable using the software purge solution. In this case, HP will send an advanced replacement module and ask for the original one to be sent back.

While slightly embarrassing for HP, it is not the first tech company to accidentally ship malware to customers. In 2010, Dell had to contend with a similar issue when customers began reporting spyware infections after installing replacement server motherboards.

Think you know security? See how much you know with our quiz.