What could possibly go wrong if you order a dozen on two USB sticks from one of the most renowned and secure manufactures in the world? It might be infected.
IBM has issued an alert after it was found that the USB flash drives shipped were infected with malware. “IBM has detected that some USB flash drives containing the initialization tool shipped with the IBM Storwize V3500, V3700 and V5000 Gen 1 systems contain a file that has been infected with malicious code,” IBM Support stated in a post.
When the initialization tool is launched from the USB flash drive, the tool copies itself to a temporary folder on the hard drive of the desktop or laptop during normal operation. With that step, the malicious file is copied with the initialization tool to the following temporary folder – on Windows systems: %TMP%\initTool, on Linux and Mac systems -/tmp/initTool. While the malicious file is copied onto the desktop or laptop, the file is not executed during initialization.
The Initialization Tool on the USB flash drive with the partnumber 01AC585 that shipped with the following System models may have an infected file. These were IBM Storwize V3500 – 2071 models 02A and 10A, IBM Storwize V3700 – 2072 models 12C, 24C and 2DC, IBM Storwize V5000 – 2077 models 12C and 24C, IBM Storwize V5000 – 2078 models 12C and 24C.
It stated that the IBM Storwize Systems with serial numbers starting with the characters 78D2 are not affected, “Neither the IBM Storwize storage systems nor data stored on these systems are infected by this malicious code.”
The company is recommending to either destroy the flash drives or securely wipe the drives so that they can be reused.