Hewlett-Packard has issued a security warning after the company found that for a year it has accidentally been shipping compact flash cards that may be infected with viruses.
In its advisory, HP said the compromised flash cards are part of certain HP ProCurve 5400 zl network switches purchased after April 30, 2011. "Reuse of an infected compact flash card in a personal computer could result in a compromise of that system's integrity," HP explained.
Network switches are essential and ubiquitous components in computer networking. Every business, large or small, that has a workplace network has at least one switch in its equipment closet. Most home Internet users don't have switches on the premises, but every Internet service provider uses switches to direct network traffic.
The company listed the serial numbers of all the potentially infected switches and detailed two ways to resolve the problem. Customers can either follow a script to "purge" the viruses from the flash card — this will not impact the operation of the network switch, HP said — or they can opt to replace the hardware entirely.
Although HP did not identity the malware that's possibly hiding on the flash cards bundled with the network switches, or how the malware found its way on to the flash cards, The Register said "an infected computer somewhere in the manufacturing process — possibly in a factory run by a third-party supplier — is the most obvious suspect."