Cisco ships malware-infected warranty CDs for a year

Supply chain threat remained unnoticed until Wednesday.

Cisco has admitted to sending customers warranty CDs that, when opened in a browser, took users to a website know to have hosted malware.

The networking giant announced its discovery on 3 August, almost a year after it first started shipping the warranty CD.

“When the CD is opened with a web browser, it automatically and without warning accesses this third-party website,” it explained, disclosing that it was “known to be a malware repository”.

Cisco had shipped the CD between December 2010 and August 2011, but to the best of its knowledge “customers were never in a position to have their computer compromised by using the CDs provided by Cisco.”

“The CD itself does not include any malware, but documents on the CD, if opened in a browser, may include content from known malicious sites and could have lead to exploitation of the user,” the Internet Storm Center’s Johannes Ullrich explained.

Although the malware site was currently inactive, Cisco was concerned that if it was reactivated “users could infect their operating system by opening the CD with their web browser.”

The exact date Cisco discovered the problem is not clear, however it said that all warranty CDs shipped in August will have a unique "revision designator" in the form "Revision -XO" while any CDs containing the revision "-FO" or later do not lead users to that third party website. 

Tags malwareciscoinfected computershosted malware

Show Comments