HP announced that some HP ProCurve 5400 zl switches have been shipped that contain malware-infected compact flash cards in a security bulletin released Apr. 10.
Switches are used by enterprises to connect network segments or network devices. The alert warns that if an infected compact flash card is reused in a computer, that machine can become infected. HP gave no information about the malware involved, but a list of the affected versions of the HP ProCurve switches (purchased after Apr. 30, 2011) is available in the security bulletin.
HP is urging customers to address this issue as soon as possible, and is offering two solutions. The first, the Software Purge Option, is recommended for customers who want to avoid network downtime, and involves running a script to delete the malicious file and directory.
According to the HP Software Security Response Team, “HP provides a script that is run by the switch manager using the ‘show tech custom’ command. This script will delete the file(s) and directory without exposing a personal computer to the files on the compact flash. The operation of the switch is not impacted.”
The second option is the Hardware Replacement Option is for customers who have 5400 zl switch inventory that needs to be purged to allow the Management Module to be replaced or anyone who feels “uncomfortable” with the first option.
In this case, “An advanced replacement Management Module will be sent to the customer. Once it arrives, the original Management Module is returned to HP after the new one is installed. The downside to this option is that the 5400 zl switch must be powered down in order to replace the Management Module, resulting in downtime,” said the Software Security Response Team.
Network switches like the HP ProCurve versions are used to control traffic in LANs (local area networks). The hardware is more sophisticated than a hub, because a switch has the ability to process and pass data only to the intended receiver, where a hub would pass it to all machines on the network.
The ProCurve 5400 zl switch series contains layers 2, 3 and 4 switches, which HP’s website says “support integrated advanced capabilities in chassis (6-slot and 12-solt) form factor” and offer scalability.