Cisco ships malware-infected warranty CDs for a year

Supply chain threat remained unnoticed until Wednesday.

Cisco has admitted to sending customers warranty CDs that, when opened in a browser, took users to a website know to have hosted malware.

The networking giant announced its discovery on 3 August, almost a year after it first started shipping the warranty CD.

“When the CD is opened with a web browser, it automatically and without warning accesses this third-party website,” it explained, disclosing that it was “known to be a malware repository”.

Cisco had shipped the CD between December 2010 and August 2011, but to the best of its knowledge “customers were never in a position to have their computer compromised by using the CDs provided by Cisco.”

“The CD itself does not include any malware, but documents on the CD, if opened in a browser, may include content from known malicious sites and could have lead to exploitation of the user,” the Internet Storm Center’s Johannes Ullrich explained.

Although the malware site was currently inactive, Cisco was concerned that if it was reactivated “users could infect their operating system by opening the CD with their web browser.”

The exact date Cisco discovered the problem is not clear, however it said that all warranty CDs shipped in August will have a unique "revision designator" in the form "Revision -XO" while any CDs containing the revision "-FO" or later do not lead users to that third party website. 

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags malwareciscoinfected computershosted malware

More about Cisco

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Liam Tung

Latest Videos

More videos

Blog Posts