Malware Infected USB Sticks on the Loose
May 18, 2017
Oops. We learn from TechRepublic that “IBM Admits it Sent Malware-Infected USB Sticks to Customers.”
The article cites the company’s support Advisory Post announcing the problem, a resource anyone who has received an IBM Storwize V3500, V3700 or V5000 USB drive should check for the models and serial numbers affected. The recommended fix—destroy the drive and, if you’d already inserted it, perform a malware purge on your computer.
Writer Conner Forrest describes:
So, what does the infected drive actually do to a system? ‘When the initialization tool is launched from the USB flash drive, the tool copies itself to a temporary folder on the hard drive of the desktop or laptop during normal operation,’ the IBM post said. Then, a malicious file is copied to a temporary folder called %TMP%\initTool on Windows or /tmp/initTool on Linux or Mac. It is important to note that, while the file is copied onto a machine, it isn’t actually executed during the initialization process, the post also said. As reported by ZDNet’s Danny Palmer, the malware was listed by Kaspersky lab as a member of the Reconyc Trojan malware family, which is primarily used in Russia and India.
It might be understandable if this were the first time this had happened, but IBM also unwittingly distributed infected USB drives back in 2010, at the AusCERT conference in Australia. Let us hope there is not a third time; customers rightly expect more vigilance from such a prominent company.
Cynthia Murrell, May 18, 2017