IBM ships malware infected flash drives to Storwize customers
IBM is warning customers of its Storwize hybrid enterprise storage solutions that it has accidentally sent out some malware infected USB sticks.
Companies ordering the Storwize V3500, V3700 and V5000 Gen 1 flash storage solutions may have been sent the infected sticks. The malware is contained in the directory for the initialization tool and when the tool is run it gets copied to a temporary directory on the computer’s hard drive.
The malware doesn't target the storage system itself and it doesn't run automatically but, if launched, it will try to infect the Windows system it's on and may download further malware.
IBM isn't saying how many infected sticks have been sent out but there are details on its website of how to spot them. The company advises that infected sticks should either be destroyed or have the infected folder securely wiped and replaced by a clean download of the initialization tool from Fix Central.
Up to date anti-malware solutions from most of the major providers, including ESET, McAfee, Kaspersky, Symantec, etc, are able to detect the malware. The link above includes a complete list.
While IBM deserves credit for acting quickly to alert its customers, this does go to show that even when you receive software from a respected tech giant it may not always be what is seems.