Who doesn’t love getting freebies when purchasing a brand-new electronic device? However, it’s another story altogether if the freebie is pre-installed malware.
HP Australia has recently warned the public about an undisclosed number of 256 MB and 1 GB USB keys shipped with some of its Proliant line of servers that come infected with the Fakerecy and SillyFDC malware, which could be transmitted onto the system once the keys are plugged in. These USB keys are to be used by those who want to install optional floppy-disc drives into their server devices. The malware bear file names that could be mistaken for legitimate system files (such as WinUpdter and ctfmon). They are detected by Trend Micro as WORM_AUTORUN.AZB and WORM_VB.BDN.
Although HP and even the Australian Computer Emergency Response Team (AusCERT) assure that this is a low-level threat given the nature of the USB keys’ purpose and capabilities of the malware, this incident once more highlights the growing use of USB devices as a carrier of those undesirable applications. Early in the year, a batch of China-made media players called Victory LT-200 was shipped with a file infector.
To be safe, it is best to check even brand new USB devices for potential infections by scanning them with up-to-date antimalware software before accessing any of its contents. As Forrest Gump was known to have said, “Life is like a box of chocolates, you’ll never know what you’re gonna get.” I guess these days, that goes for USB drives, too.