Cisco warns over warranty discs of EVIL
Malicious suppository Easter Egg shenanigans
Agentless Backup is Not a Myth
Networking giant Cisco has warned customers that a CD-ROM it supplied with its kit automatically took users to a site that was a known malware repository.
The affected CDs, designed to supply warranty information, were supplied to customers between December 2010 and August 2011. When the disc was opened, or if autorun was enabled, the disc took surfers to an unnamed malware depository site. Cisco said that the malware depository in question is currently offline, although whether it will stay that way is anybody's guess.
"To the best of our knowledge, starting from December 2010 until the time of this document's publication on August 3, 2011, customers were never in a position to have their computer compromised by using the CDs provided by Cisco," Cisco explains in a security notice. "Additionally, the third-party site in question is currently inactive as a malware repository, so customers are not in immediate danger of having their computers compromised. However, if this third-party website would become active as a malware repository again, there is a potential that users could infect their operating system by opening the CD with their web browser."
Warranty CDs printed with "Revision -F0" (or later), are safe. Cisco is offering downloads of clean ISO images to longer-standing customers who want to burn a safe copy of their warranty information.
From time to time vendors (digital camera makers, smartphone suppliers etc) supply kit that comes pre-installed with malware: normally because production or testing machines are infected. It's more difficult to fathom how an auto-direct to a malicious website was burned into a Cisco warranty CD. Anything from a exceptional unlucky typo, to subtle malware, to an Easter Egg left by a disaffected worker appear to be possibilities though no obvious candidate stands out... and the explanation could be down to something else altogether. ®
COMMENTS
Autorun?
I really hope someone doing disaster recovery on Cisco gear has atorun disabled
I wonder...
...if it took so long to notice because most of the Cisco warranty/product safety/regulatory compliance docs go straight in the bin? The same probably applies to other vendors as well.
Might check the next CD I get to see if the warranty document on the CD actually says "I've been sitting her for six months and all I have written is this. It's not like anyone will ever check...."
Tell us the URL then
so we can add it to our proxy block lists!! Or would that just be inviting trouble??
IT infrastructure monitoring strategies
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
Data control in the cloud
Cloud based data management
Agentless Backup is Not a Myth
