HP Warns of ProCurve Switches Infected With Malware

The ProCurve 5400zl network switches include compact flash cards infected with malware that, if used in PCs, could compromise the systems.

Hewlett-Packard is warning enterprise customers that some of its ProCurve 5400zl series switches may have shipped with virus-infected compact flash cards.

In a notice sent April 12, officials with HP€™s Software Security Response Team said that if a flash card with the malware is taken out of the switch and put into a PC, that system could become infected.

HP did not outline what malware was found on the switches, where it came from or what the malicious code was designed to do. The affected switches were bought after April 30, 2011, and the company listed the serial numbers in the alert that was sent out.

According to HP officials, there are two ways of dealing with the malware. The first is what they called a software purge, where HP gives the customer a script that is run by the switch manager €œusing the €˜show tech custom€™ command. This script will delete the file(s) and directory without exposing a personal computer to the files on the compact flash. The operation of the switch is not impacted. This option is best for customers wanting to maximize the uptime of their network.€

The other option is replacing the hardware, which HP officials said is best for businesses that have the 5400zl series switches but don€™t yet have them on their network.

€œ[T]his option allows for the Management Module to be replaced,€ they said. €œAlso, any customer that feels uncomfortable performing the Software Purge Option can choose the Hardware Replacement Option as well. An advanced replacement Management Module will be sent to the customer. Once it arrives, the original Management Module is returned to HP after the new one is installed. The downside to this option is that the 5400 zl switch must be powered down in order to replace the Management Module, resulting in downtime.€

The ProCurve 5400zl series LAN switches are designed to be deployed at the edge of the network. The switches offer 10 Gigabit Ethernet capabilities and Power over Ethernet (PoE), and are built for data centers that need scalability and easy deployment and operation. They also feature HP€™s Adaptive Edge Architecture, which HP officials say enables greater adaptability in the networking infrastructure based on changing demands.

Hardware that is shipped with malware, while not common, is not unheard of, and HP has had some problems in the past. In 2001, some HP printers that were shipped had software infected by the FunLove malware. In addition, HP€™s Australia business in 2008 said that some of its ProLiant servers were infected by malware called Fakerecy and SillyFDC.