HP recently published a security bulletin stating that some of its ProCurve switches were shipped to customers with malware-infected flash cards.
"According to HP's Software Security Response Team, the potential threat exists on HP 5400 zl series switches purchased after April 30, 2011 with certain serial numbers listed in the security advisory," writes SecurityWeek's Mike Lennon.
"HP did not provide details on which piece of malware was included on the switches or what the program is capable of doing," writes Threatpost's Dennis Fisher. "However, the company is encouraging customers to address the issue immediately. They suggest that customers either use a software script that will remove the malware from the flash card or opt for a hardware replacement through which HP will ship out a new module to replace the infected one."
"While the malware couldn't do anything to the 10 Gbps-capable line of LAN switches, if the customer ever decided to re-use the card and insert it into a computer, that computer would likely be compromised," writes PCMag.com's Fahmida Y. Rashid. "It's not that unlikely a scenario. The switches ship with 1GB cards, and someone frantically looking for a flash card could conceivably borrow the card to perform a quick task."
"It's unclear how the unknown malware got onto the Flash cards that come bundled with the 10 Gbps-capable line of LAN switches, but an infected computer somewhere in the manufacturing process -- possibly in a factory run by a third-party supplier -- is the most obvious suspect," writes The Register's John Leyden.
"While slightly embarrassing for HP, it is not the first tech company to accidentally ship malware to customers," notes TechWeekEurope's Jiten Karia. "In 2010, Dell had to contend with a similar issue when customers began reporting spyware infections after installing replacement server motherboards."