CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
May 21st, 2010

IBM Hands Out Malware-infected USB At AusCERT Security Conference

IBM has apologised after supplying a malware-infected USB stick to delegates of this week’s IBM AusCERT security conference.

The unlovely gift was supplied to an unknown number of delegates to the Gold Coast, Queensland conference who visited IBM’s booth. IBM’s apology email does not identify the strain of malware involved in the attack beyond saying it’s a type of virus widely detected for at least two years which takes advantage of Windows autorun to spread.

At the AusCERT conference this week, you may have collected a complimentary USB key from the IBM booth. Unfortunately we have discovered that some of these USB keys contained malware and we suspect that all USB keys may be affected.

The malware is detected by the majority of current Anti Virus products [as at 20/05/2010] and been known since 2008.

The malware is known by a number of names and is contained in the setup.exe and autorun.ini files. It is spread when the infected USB device is inserted into a Microsoft Windows workstation or server whereby the setup.exe and autorun.ini files run automatically.

Please do not use the USB key, and we ask that you return it to IBM at Reply Paid 120, PO Box 400, West Pennant Hills 2120.

Problems of this type occur when any one of the PCs involved in loading content onto a USB stick is itself infected with malware. This could have happened either at IBM itself or its suppliers.

Malware-infected USB incidents have cropped up at AusCERT before. Australian telco Telstra distributed malware-infected USB drives at AusCERT 2008, according to securecomputing.net.au

Credit: The Register

Share this item with others:

More on CyberInsecure:
  • Olympus Dsitributed Cameras With Malware-Infected Cards In Japan
  • IBM’s New USB-based Device Might Allow Safer Online Banking
  • HP Ships Proliant Server USB Keys With Malware
  • USB Devices Containing Worms Threaten US Army, All Removable Devices Temporarily Banned
  • Windows .lnk Shortcut Zero-Day Critical Vulnerability Confirmed By Microsoft

    • Posted in Breaches And Incidents, Malware | Print This Post Print This Post

    This entry was posted on Friday, May 21st, 2010 at 3:21 am and is filed under Breaches And Incidents, Malware. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: IBM Hands Out Malware-infected USB At AusCERT Security Conference

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »