Cisco customers mistakenly directed to malware site

Cisco has issued a security warning after it emerged that it inadvertently shipped CD-ROMs that automatically directed users to an inactive malware repository.

Cisco has issued a security warning after it emerged that it inadvertently shipped CD-ROMs that automatically directed users to an inactive malware repository.

The discs in question contained information on warranty and EULA terms and conditions, but also automatically sent users to a third party website when opened with a web browser.

Additionally, if used on a machine set up to automatically open user inserted media, the default web browser would access the third party site with no user action.

In a blog post on its website, Cisco said that the discs shipped between December 2010 and 3 August, but claimed that to the best of its knowledge "customers were never in a position to have their computer compromised by using the CDs".

"Additionally, the third-party site in question is currently inactive as a malware repository, so customers are not in immediate danger of having their computers compromised.

"However, if this third-party web site would become active as a malware repository again, there is a potential that users could infect their operating system by opening the CD with their web browser," said Cisco.

Cisco declined to go into detail about the number of customers affected in the UK.

Read more on Data Protection Services