IBM Storwize Malware: Company Tells Customers To Destroy Flash Drive That Contains Malware
IBM is urging its customers to destroy USB flash drives that shipped with the company’s Storwize storage systems because the drives may be infected with malware.
According to a support advisory posted by the company Tuesday, the affected flash drives, which are intended to contain the initialization tool for the Storwize systems, include those shipped with the Storwize V3500, V3700, and V5000 Gen 1 systems.
The infected drives shipped with the part number 01AC585. Users who have a drive labeled with that number are advised to destroy the drive completely so it can’t be used or spread. IBM noted Storwize systems with serial numbers starting with 78D2 are not affected.
When the infected flash drive is plugged into a computer and the Storwize initialization tool is launched, the malware copies its malicious code into a temporary folder on that machine. The code will appear in a folder named “%TMP%\initTool” on Windows or /tmp/initTool on Linux and Mac machines.
While the malicious file is copied onto the computer, it is not executed during the initialization process, according to IBM.
The company also noted that the Storwize storage systems themselves and the data stored on those systems are not infected with the malware—it’s solely the flash drive that is at risk.
According to security firm Kaspersky Lab, the malicious code found on the drives is related to the malware family of the Reconyc Trojan, which is capable of intercepting keyboard input, taking screenshots and capturing a list of active applications, among other things.
The malware is found predominantly in Russia, where more than one-third of all instances of the attack took place. India is another major target for the trojan, but instances of the attack have been noted in countries around the world.
IBM advises customers who may have already used the infected flash drives to run an antivirus scan to find and remove the folder containing the malicious code. They are also advised to destroy the drive to avoid ever repeating the process.
However, the company does suggest users can continue using the flash drive by first deleting the InitTool folder found on the drive itself. After removing it, and scanning the drive with an antivirus tool to ensure it is safe, users can download a new initialization tool package from IBM’s FixCentral.
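For administrators checking machines that may have run the tool, the following is an added example (not code from IBM or from this article) that looks for the initTool folder in the temporary directories named above and, optionally, in the root of a mounted flash drive passed as an argument. It only inventories and hashes files so they can be handed to an antivirus or incident response team; the function names are hypothetical.

```python
import hashlib
import os
import sys
import tempfile
from pathlib import Path

# The article spells the folder "initTool" (temp dir) and "InitTool" (drive),
# so names are compared case-insensitively.
FOLDER_NAME = "inittool"

def candidate_roots(extra=()):
    """Temp directories to inspect, plus extra roots such as a mounted USB drive."""
    roots = {Path(tempfile.gettempdir()), Path("/tmp")}
    for var in ("TMP", "TEMP", "TMPDIR"):
        if os.environ.get(var):
            roots.add(Path(os.environ[var]))
    roots.update(Path(p) for p in extra)
    return sorted(r for r in roots if r.is_dir())

def sha256_of(path):
    """Hash a file in chunks; the file is read, never executed."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_inittool(roots):
    """Return {folder: [(relative_file, sha256), ...]} for each initTool folder."""
    findings = {}
    for root in roots:
        try:
            entries = list(Path(root).iterdir())
        except OSError:  # missing or unreadable root: nothing to report
            continue
        for entry in entries:
            if entry.is_symlink() or not entry.is_dir():
                continue
            if entry.name.lower() != FOLDER_NAME:
                continue
            files = [f for f in sorted(entry.rglob("*"))
                     if f.is_file() and not f.is_symlink()]
            findings[str(entry)] = [(str(f.relative_to(entry)), sha256_of(f))
                                    for f in files]
    return findings

if __name__ == "__main__":
    hits = find_inittool(candidate_roots(sys.argv[1:]))
    for folder, files in hits.items():
        print(f"FOUND {folder}")
        for name, digest in files:
            print(f"  {digest}  {name}")
    sys.exit(1 if hits else 0)
```

A non-zero exit status means at least one matching folder exists and should be scanned and removed as the advisory describes.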
While IBM acted quickly in order to mitigate the issue, it shows just how difficult it can be for users to stay secure. Even taking proper precautions to protect their own system, a person can be betrayed by a malicious attack hitting a company’s supply chain.
The issue is reminiscent of a report earlier this year in which Android devices were infected with malware before reaching consumers, and underscores the need for extra precautions to stay safe.
© Copyright IBTimes 2024. All rights reserved.