IBM accidentally shipped malware-infected USB drives to business clients

Posted on Thursday, May 04 2017 @ 13:36 CEST by Thomas De Maesschalck
IBM logo
Every once in a while reports pop up of tech vendors that accidentally ship malware to their customers. This time IBM confesses it distributed malware to some of its Storwize customers via a USB flash drive.

These flash drives contain an infected Initialization Tool from IBM for installing Storwize software. IBM says the malicious code gets copied to Windows, Mac and Linux systems as part of the tool's launch process, but claims the files aren't actually executed so it's relatively harmless:
Last week, IBM announced that it had accidentally distributed malware to some of its Storwize customers via a USB drive. The drive contains an Initialization Tool from IBM for installing legitimate Storwize software. Affected models include:

  • IBM Storwize V3500 – 2071 models 02A and 10A
  • IBM Storwize V3700 – 2072 models 12C, 24C and 2DC
  • IBM Storwize V5000 – 2077 models 12C and 24C
  • IBM Storwize V5000 – 2078 models 12C and 24C

    If your Storwize system serial number starts with 78D2, your system is not affected.
  • If your company received one of the infected USB drives, there may be malware on systems in the %TMP%initTool folder on Windows systems, or the /tmp/initTool folder on Linux and Mac systems. IBM recommends clients to delete this folder, and advises to either destroy the flash drive or wipe the "InitTool" folder from the flash drive and download a new version from its FixCentral.

    Via: ExtremeTech




    Loading Comments