Supply chain security has been a hot topic of late, particularly with regards to America’s dependence on IT infrastructure manufactured overseas. Lately, reports haven’t pulled any punches in alluding to Chinese involvement in surreptitiously compromising equipment destined for the United States. Although the source has not been confirmed, Hewlett Packard ProCurve 5400 zl Switches have been identified as having shipped to customers with infected compact flash cards. Only particular batches of serial numbers after April 30, 2011 are amongst the infected lot. The malware does not have an impact on the switch itself but is believed to target PCs once a user removes the card from the switch and transfers it to a regular machine. The security announcement from Hewlett Packard can be viewed here.