HP admits that it has accidentally been selling USB flash drives pre-infected with malware. Dubbed the HP USB Floppy Drive Key, the device is a combination flash drive and compact floppy drive and is designed to work with various models of HP’s ProLiant Server line. HP sells two versions of the drive, one with 256MB capacity and the other with 1GB capacity. Since these are normal flash drives, they can also be used to other computers. The worms contained on the USB drives have been identified as W32.Fakerecy and W32.SillyFDC, which spread by copying themselves to removable or mapped drives and could allow an attacker to compromise an infected system running Windows 95/98/XP/Me/NT/2000.

If a compromised drive is plugged into a USB port on any machine on the network, the worms may spread “to any mapped drives on the server,” HP’s alert said.

Users are advised to disable the default autorun settings and make sure that virus protection is active and up-to-date.

Popularity: 2% [?]