IBM Distributes Malware on USB Sticks

For the second year in a row, attendees at the AusCERT conference in Australia got an ugly surprise from USB keys handed out at a vendor booth.The company wiping eggs from its face this year is IBM Australia.  According to an e-mail sent to AusCERT attendees, USB sticks distributed at the IBM booth contained malware that infected Windows computers.

For the second year in a row, attendees at the AusCERT conference in Australia got an ugly surprise from USB keys handed out at a vendor booth.

The company wiping eggs from its face this year is IBM Australia.  According to an e-mail sent to AusCERT attendees, USB sticks distributed at the IBM booth contained malware that infected Windows computers.

Here is the full text of the letter from IBM Chief Technologist Glenn Wightwick (via Drazen Drazic):

Dear AusCERT Delegate,

At the AusCERT conference this week, you may have collected a complimentary USB key from the IBM booth.   Unfortunately we have discovered that some of these USB keys contained malware and we suspect that all USB keys may be affected.

The malware is detected by the majority of current Anti Virus products [as at 20/05/2010] and been known since 2008.The malware is known by a number of names and is contained in the setup.exe and autorun.ini files.  It is spread when the infected USB device is inserted into a Microsoft Windows workstation or server whereby the setup.exe and autorun.ini files run automatically.

Please do not use the USB key, and we ask that you return it to IBM at Reply Paid 120, PO Box 400, West Pennant Hills 2120.

If you have inserted the USB device into your Microsoft Windows machine, we suggest that you contact your IT administrator for assessment, remediation and removal, or you may want to take the precaution of performing the steps below.

Steps to remove the malware:

  1. Turn off System Restore[StartProgramsAccessoriesSystem toolsSystem Restore]Turning off System Restore will enable your anti virus software to clean the virus from both your current system and any restore points that may have become infected.
  2. Update your antivirus tool with the latest antivirus definitions[available from your anti virus vendor of choice].
  3. Perform a full system scan with your AV tool to confirm the existence of the infection.  If malware is detected allow your AV to complete a clean.
  4. On completion of this process, complete a second scan using a different anti virus product. Free anti virus products are available from known companies such as AVG, Avira, Panda Software, or Trend Micro.
  5. Once a second scan has been performed and it is determined that your workstation is free of any known malware,  as a precautionary measure we recommended that you perform a back up of all vital files on your workstation and perform a full re-installation of the operating system.  

This process will remove the risk of other unknown or undetected malware that may be present on your machine.If you experience difficulties with the above steps, please contact the IBM Security Operations Team at secops@au1.ibm.com.  An IBM technical support person will contact you by phone to assist you.We regret any inconvenience that may have been caused.

Glenn Wightwick

Chief Technologist

IBM Australia  

At last year’s AusCERT conference, ISP Telstra distributed USB keys with autorun malware to attendees.

Suggested articles