IBM Accidentally Sends Malware-Infected USB Sticks To Storage Customers

IBM accidentally sent USB memory sticks containing malware to some customers that ordered its the IBM Storwize V3500, V3700 and V5000 Gen 1 system flash storage products.

The malicious software is contained in the initialisation tool, which when launched copies the malware to the hard drive in a temporary folder. The application isn’t launched automatically, which is some small comfort to those impacted.

A full list of USB sticks impacted is listed here and IBM is urging customers to either destroy them immediately or repair the drives so they can be reused.

IBM security USB

However if the drive has already been used, IBM says businesses should ensure antivirus products are updated so the issues can be addressed. A list of what various antivirus providers identify the offending software as has also been released by IBM.

“If you have used the initialization USB flash drive from one of the IBM products listed … and have inserted it into a desktop or laptop to initialize a Storwize system, IBM recommends you verify your antivirus software has already removed the infected file or alternatively remove the directory containing the identified malicious file in the manner described below,” the company said.

Although this was an accident, it serves to highlight the ongoing tactic of disseminating malware using USB drives, some of which can be infected at the manufacturing stage.

An experiment by security researcher Elie Bursztein last year found that half of 297 sticks ‘dropped’ in random locations on a university campus were plugged into a PC.

Quiz: What do you know about IBM?