HP warns of infected hardware

ProLiant USB keys come with virus free of charge

HP has issued a security notice after USB keys shipped with some of its ProLiant servers were found to have been infected with viruses.

The keys, which come in 256MB and 1GB varieties, are used to help configure the servers on installation.

"A potential security vulnerability has been identified with two types of optional HP USB Floppy Drive Keys intended for use with certain ProLiant servers," reads the advisory.

"This vulnerability could cause a local 'W32.Fakerecy' or 'W32.SillyFDC' virus infection."

The W32.Fakerecy is written primarily for removable drives and was first reported last year. W32.SillyFDC is also adapted for removable drives but can also be used to download more malicious files onto an infected machine.

"This is a worrying security lapse, especially as it comes from a major global brand with huge resources," said John Hawes, technical consultant at Virus Bulletin.

"Production and release procedures at all serious companies should be locked down tight to prevent this kind of thing – if we can't trust the big boys to keep their systems clean, who can we trust?"

It is not known whether the malware got on the drives as part of a targeted attack against HP’s products or if it was accidentally introduced due to problems on the manufacturer's side with infected machines.