IBM Ships Trojanized USBs to Storage Customers

IBM Ships Trojanized USBs to Storage Customers

IBM has inadvertently shipped off untold numbers of malware-laden USB flash drives to unwitting customers.

Big Blue sent the USBs to act as initializers for its Storwize disk racks. Now, it’s telling users to "securely destroy the USB flash drive so that it cannot be reused,” or wipe it—and to instead download the files needed.

The USBs have the part number 01AC585, and IBM has listed the various models with which it could have shipped. It also said that the laptop or desktop used to configure the storage arrays are the targets, rather than the storage servers themselves.

According to Kaspersky, the malware is a trojan dropper that can be used to fetch an array of secondary malware, including ransomware and espionage worms. In the past, more than a third of its infections has been concentrated in Russia. IBM’s unintentional role as a distribution partner could widen its reach considerably.

“The malicious program copies its executable file to a temporary folder on the user’s computer and modifies the operating system registry, enabling the malware to run automatically after the user logs in to the system,” Kaspersky said. “The malware decrypts itself, performs extraction from its resources section and launches other malicious programs.”

Affected users should ensure their antivirus products are updated, and be configured to scan temporary directories and address any issues identified. To manually remove the malicious file, users can delete the temporary directory named %TMP%initTool in Windows and /tmp/initTool on Linux and Mac.

Source: Information Security Magazine