update HP has released a batch of USB keys for numerous Proliant server models which contain malware that could allow an attacker to take over an infected system.
The worms contained on the 256KB and 1GB USB drives have been identified as W32.Fakerecy and W32.SillyFDC. The worms spread by copying themselves to removable or mapped drives and affect systems running Windows 98, Windows 95, Windows XP, Windows Me, Windows NT and Windows 2000, according to AusCERT.
HP's Software Security Response Team issued a warning to AusCERT this week after discovering the worms on the USB drives and have also provided a list of affected servers to the security response organisation.
To find out whether a drive is infected, HP recommends inserting it into a system with up-to-date antivirus software. Systems with up-to-date antivirus should be protected from the threat, according to HP.
John Bambenek, a researcher at the security organisation Sans Internet Storm Center, has said that because the infected USBs only affect Proliant servers, a targeted attack cannot be ruled out.
However, the threat risk from the worms is considered to be low. "This is probably not going to escalate into a widepread epidemic," Nishad Herath, senior research scientist at McAfee Avert Labs, told ZDNet.com.au. "But I would most definitely urge users to perform a virus scan of any media — including any new blank drives — you receive from vendors prior to installing/using them as slip-ups like this have been known to happen in the past."
HP claims the worm-infected USBs will have only affected a small number of customers.
"HP takes all quality issues very seriously. Because the keys involved are used to install optional floppy-disk drives, this only affects the USB Floppy Drive Key kit which is a very low volume option and impacts a very small percentage of our ProLiant customer base. We've determined root cause and are fully confident that we have resolved this event. To date, no customers have reported this issue," a spokesperson for HP told ZDNet.com.au.
HP has provided an ="http: h20000.www2.hp.com="" bizsupport="" techsupport="" document.jsp?lang="en&cc=us&objectID=c01404119&jumpid=reg_R1002_USEN" target="_blank" "="">advisory page for customers with affected USB keys.