The Inquirer-Home

Cisco puts out a warning about dodgy CD ROMs

Customers are redirected to an inactive malware repository
Mon Aug 08 2011, 16:51

NETWORKING OUTFIT Cisco has put out a security warning after unknowingly shipping CD ROMs that redirected its customers to an inactive malware repository.

The discs, which contained information on warranty and EULA terms and conditions, sent users to a third-party web site when they were opened with a web browser. The dodgy discs were sent between December 2010 and August this year.

Meanwhile, those who had set up their machines to automatically open user-inserted media were worse off, as the default web browser would access the third-party web site with no user action.

In a post on its web site, Cisco said, "In the period of December 2010 until August 2011, Cisco shipped warranty CDs that contain a reference to a third-party web site known to be a malware repository. When the CD is opened with a web browser, it automatically and without warning accesses this third-party web site."

"Additionally, on computers where the operating system is configured to automatically open inserted media, the computer's default web browser will access the third-party site when the CD is inserted, without requiring any further action by the user."

It added, however, that customers were "never in a position to have their computer compromised by using the CDs provided by Cisco".

In fact, it said, the third-party web site in question is currently inactive as a malware repository, so customers are not in "immediate danger" of having their computers compromised. However, if this third-party web site were to become active as a malware repository again, "there is a potential that users could infect their operating system by opening the CD with their web browser".

Cisco said that warranty CDs printed with "Revision -F0" or later do not contain references to the third-party website and do not introduce a potential to compromise customers' computers. µ

Comments
I Googled the quote,

Apparently it's on http://www.cisco.com/en/US/products/products_security_response09186a0080b8b122.html

but in a security context, should you take my word for it? Should we take yours?

posted by: Robert Carnegie, 09 August 2011