Hewlett-Packard Takes Shipping Malware-Infested USB Sticks Very Seriously

WHO: Hewlett-Packard
WHAT: A batch of USB keys for HP’s line of ProLiant servers have been shipped infected with the worms W32.Fakerecy and W32.SillyFDC. Both can allow attackers to take over a system.
WHERE: HP ships USB sticks with malware [CNET] (Thanks to Jimbo!)
THE QUOTE: “HP takes all quality issues very seriously. Because the keys involved are used to install optional floppy-disk drives, this only affects the USB Floppy Drive Key kit which is a very low volume option and impacts a very small percentage of our ProLiant customer base. We’ve determined root cause and are fully confident that we have resolved this event. To date, no customers have reported this issue.”

“Taking it seriously” is a phrase companies use over and over again in public statements whenever they have bad PR. Our series of posts on occurrences of the phrase is our attempt to question how seriously companies are really taking these matters if every time they trot out this phrase by rote.
(Photo: jblyberg)


Edit Your Comment

  1. Angryrider says:

    Floppy? What people are still using that? Flash Drives are $8 a gig.
    My school already got rid of ALL the floppy drives for conventional use.

    And HP, how the heck can you ruin floppy drives. It’s outdated tech and yet malware is somehow included.

  2. Bladefist says:

    well floppies can be good for restoring pcs, and stuff like firmware drivers, and bios updates can be put on a floppy and easily booted too. Although most motherboards by now support booting to cdrom and usb sticks. Some people are still running older systems though.

  3. Bladefist says:

    when installing windows server 2003, you need floppies for your raid controller drivers

  4. DeleteThisAccount says:

    @Bladefist-미국사람: Yeah if you have an older server or just plain older equipment you may still need a floppy. Lots of these systems don’t have USB boot-ability.

    Good point Blade.

  5. Traveshamockery says:

    I ask because I do not know – how in the world does this happen? How did these things get infected?

  6. DeleteThisAccount says:

    @InfiniTrent: Lots of times an employee brings the malware in on a personal flash drive, their mp3 player… you know, anything that they take home and back to work.

  7. Blinker says:


    Perhaps you should upgrade to server 2008 instead of insisting on using old technology. You dont need a floppy for server 2008

  8. Orv says:

    @Blinker: There are lots of good reasons for running older Microsoft products, including stability. Often a new product from our friends in Redmond isn’t really stable until about the time the previous one reaches end-of-life, so people tend to wait to upgrade.

  9. Traveshamockery says:

    @AngrySicilian: So it’s typically intentional?

  10. azntg says:

    @Blinker: Newer isn’t always better ;-)

  11. Trai_Dep says:

    Has anyone checked to see if their punch card interface suffers from similar problems?

  12. LUV2CattleCall says:

    At least they didn’t blame Apple somehow…like when Apple shipped iPods with a free virus and had this to say

    “as you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it.”

  13. mariospants says:

    hey, no hp-hate posts? thank you!