CareFusion respiratory website “riddled” with malware | MassDevice.com On Call
June 20, 2012 by MassDevice staff
A scan of CareFusion’s respiratory devices software updating website finds it infected with viruses and other malicious code that may have been transmitted to users’ computers.
Updated June 22, 2012, at 6:00 p.m. EST: This brief erroneously stated that viruses were discovered on CareFusion’s respiratory software systems. The malicious code was found on the website that houses the software updates, not in the software itself.
MassDevice On Call
MASSDEVICE ON CALL — Google web services put a block on CareFusion’s (NYSE:CFN) respiratory software delivery website after a scan of the site found viruses and other malicious programs that may have been transmitted to users’ computers.
Trojans and other software exploits that installed on user machines without consent were found on 20 pages of CareFusion’s ViasysHealthcare.com website, according to a Google “safe browsing” report.
CareFusion uses the site to distribute software updates for its Avea line of ventilators, and the site was “listed for suspicious activity” twice in the last 3 months, according to the report.
A CareFusion spokeswoman told ThreatPost that the company was investigating the matter and that the software updates had been removed from the site for the time being.
The malware infection was first uncovered by Kevin Fu, a medical device hacker and researcher who was the 1st to demonstrate that a Medtronic pacemaker was susceptible to malicious hacking.