Infected Cisco Warranty CDs

Cisco has issued a warning regarding information packet and warranty CDs shipped to customers between December 2010 and August 2011.  These CDs contain a link to a 3rd-party website known to be a malware repository.  Once the CD is inserted, it may auto-launch a broser session, or if manually launched with a browser, the user is automatically taken to the malicious site.   This 3rd-party site is currently inactive as a malware repository, but that doesn’t mean that it won’t start serving malware again sometime in the future.

According to the Cisco Alert, all warranty CDs printed with “Revision -F0” (or later) do not contain any references to the 3rd-party website and do not introduce a potential to compromise customers’ computers.   In order to prevent infection, Cisco is advising users to discard any affected CDs and to visit the Cisco worldwide website for access to the latest content, or to download ISO images in order to create new CDs.

It is hard to believe that something so innocuous as a warranty and support CD could present such an alarming risk to such a large number of businesses, and come from such a well respected, well funded, and professional company.  Cisco is networking, or at least they have been for a large number of us in the IT industry.  We all make mistakes, but this is truly unforgivable.  Cisco needs to come clean regarding how this “reference” came to appear on this media.  I would also be very interested to hear what Cisco is doing to ensure that it doesn’t happen again.

This is a serious exposure from a company that should really know better.  Many businesses rely on Cisco for providing infrastructure devices, devices at the very core of our networks.  The introduction of malicious websites from a help and support type CD from a trusted vendor needs to be fully explained, or Cisco’s reputation and esteem (at least with me and my customers) will forever be in question.  Just my 2¢.