IBM warns of malware on USB drives shipped to customers

IBM said some flash drives for Storewize initialisation should be destroyed because they may contain Trojan malware.
Written by Danny Palmer, Senior Writer

VIDEO: IBM shipped Storwize USB flash drives containing a Trojan

IBM has urged customers to destroy USB drives which shipped with some of its Storewize storage systems because they may contain malware.

In a support advisory, the company has said an unspecified number of USB flash drives containing the Storewize initialisation tool for V3500, V3700, and V5000 Gen 1 systems are infected with malicious code.

All infected USB flash drives were shipped with the number 01AC585, which IBM has told customers should be securely destroyed so it can't be reused.

According to data from Kaspersky Lab, the malicious code is a member of the Reconyc Trojan malware family, which predominantly targets victims in Russia and India, but it has been known to infect systems across the globe.

In the case of the code shipped on the USB drives, the malware gets onto the system when the Storewize initialisation tool is launched from the drive, copying the malicious code into a temporary folder: ' %TMP%\initTool' on Windows systems or '/tmp/initTool' on Linux or Mac systems.

However, the code itself is not actually executed during the initialisation, IBM said.

"Neither the IBM Storwize storage systems nor data stored on these systems are infected by this malicious code. Systems not listed above and USB flash drives used for Encryption Key management are not affected by this issue," the company said.

To rid an infected system of the malware, IBM recommends running antivirus software. Alternatively, it can be removed from the system by deleting the temporary directories which are created when the drive is run.

"IBM recommends ensuring your antivirus products are updated, configured to scan temporary directories, and issues identified by the antivirus product are addressed," IBM said in its notice.

Once the directory is removed from the system -- and even if the infected drive hasn't been used -- IBM recommends destroying the flash drive so it doesn't have the option of installing malware.

Alternatively, IBM says the flash drives can be repaired by deleting the InitTool folder on the USB and downloading a new initialisation tool package from FixCentral, before manually scanning the USB with antivirus software to ensure it's Trojan-free. Those with further questions are urged to contact IBM Support.


Editorial standards