14 DAY TRIAL // Cisco warns customers who received warranty CDs between December 2010 and August 2011 that they led to a website known as a malware repository.
"When the CD is opened with a web browser, it automatically and without warning accesses this third-party website. Additionally, on computers where the operating system is configured to automatically open inserted media, the computer's default web browser will access the third-party site when the CD is inserted, without requiring any further action by the user," the company explains.
Cisco does not believe that customers were at risk of being infected at any time during this period because the website was inactive. However, since this might change in the future, users are advised not to use the CDs.
CDs that do not have a revision number printed on them in the form of "Revision -#0," where # is a letter, and were received during the aforementioned period, most likely point to the rogue website. "Warranty CDs with the revision '-F0' or later do not contain a reference to the third-party website," the company notes.
The affected CDs have the titles: Cisco 1-Year Limited Hardware Warranty Terms, Cisco Limited 5-Year Hardware and 1-Year Software Warranty Terms, Cisco 90-Day Limited Hardware Warranty Terms, Cisco Information Packet - Cisco Limited Warranty, Disclaimer of Warranty, End User License Agreement, and US FCC Notice, Cisco Limited Lifetime Hardware Warranty Terms and End User License Agreement.
Clean images of these CDs can be downloaded from Cisco's website and all of the contained documents are also avilable online. Links to them are provided in the company's advisory.
Of course, Cisco is not the first company to ship software, hardware or documentation infected with malware or leading to it. Back in 2009, gaming hardware manufacturer Razer apologized after distributing infected drivers from its website.
More recently, Australian supermarket chain ALDI recalled units of an external hard drive model from customers after it was discovered that the devices carried a variant of the Conficker worm.