Big Blue published a warning to its Storwize enterprise customers that they may have accidentally been sent USB installation drives infected with malware. IBM disclosed the mistake last week, and is now warning any customers who may have the infected drives to act quickly.
Companies that ordered the 1st generation Storwize V3500, V3700, and V5000 storage solutions offered by IBM may have been sent the infected USB drive. The malware is located in the initialization directory (InitTool), and when the file is read the malware is copied into a temporary directory on a local storage device. The malware itself does not run automatically, but if it is launched it will attempt to download further malware, including a trojan horse, infecting the system.
IBM recommends that customers who have already inserted an infected storage device into their system remove the device and destroy or cleanse the initialization tool from the device by deleting the InitTool folder and any files located in that folder. IBM also recommends deleting the malicious software from the temporary folders located on the local machine (listed below).
Windows systems: %TMP%\initTool
Linux and Mac systems: /tmp/initTool
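To check a machine for the temporary folders named above and record what is in them before deletion, the following added example (not IBM's tooling or part of the original article) looks for an initTool directory in the temp locations and in any extra paths supplied, such as a USB mount point. The function names and the case-insensitive folder match are assumptions made for this example.

```python
import hashlib
import os
import sys
import tempfile
from pathlib import Path

# The article spells the folder "InitTool" on the USB drive and "initTool"
# in the temp directory, so names are compared case-insensitively (assumption).
FOLDER_NAME = "inittool"

def candidate_roots(extra_roots=()):
    """Temp locations from the article plus caller-supplied paths (e.g. a USB mount)."""
    roots = {Path(tempfile.gettempdir())}
    for var in ("TMP", "TEMP", "TMPDIR"):
        if os.environ.get(var):
            roots.add(Path(os.environ[var]))
    if os.name != "nt":
        roots.add(Path("/tmp"))
    roots.update(Path(r) for r in extra_roots)
    return sorted(roots)

def find_inittool_dirs(roots):
    """Return directories named initTool (any casing) directly under each root."""
    hits = []
    for root in roots:
        try:
            entries = list(root.iterdir())
        except OSError:
            continue  # root missing or unreadable: nothing to report there
        hits += [e for e in entries if e.is_dir() and e.name.lower() == FOLDER_NAME]
    return hits

def inventory(folder):
    """List (relative path, size, sha256) per file, for records kept before deletion."""
    rows = []
    for path in sorted(p for p in folder.rglob("*") if p.is_file()):
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        rows.append((str(path.relative_to(folder)), path.stat().st_size, digest))
    return rows

if __name__ == "__main__":
    # Usage: python check_inittool.py [extra paths such as a USB mount point]
    for hit in find_inittool_dirs(candidate_roots(sys.argv[1:])):
        print(f"[!] found {hit}")
        for rel, size, digest in inventory(hit):
            print(f"    {digest}  {size:>10}  {rel}")
```

The script only reads and reports; nothing is executed or deleted, so the folder can still be removed by hand afterwards as IBM recommends.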
IBM has a support note on finding the malicious drives, safeguarding systems, and cleansing all devices of the malicious software here. After the malicious drive and software have been removed, an anti-virus program should be used to find any other potential malicious software. The malicious file in question can be detected by the anti-virus programs listed below.
Big Blue does deserve credit for notifying any potential customers quickly. This just goes to show how a small error can lead to a major security flaw on thousands of systems and potentially put businesses out of business because of data loss or theft.