IBM-LogoMalware is a particularly virulent strain of hacking and can spread very quickly. However, when it gets help from a tech giant, it can spread even quicker.

It’s now been discovered that IBM have, quite accidentally, managed to ship USB flash drives containing malware. Now, the hacking threat of USB sticks is a readily acknowledged problem in the world of computing, but these attacks originate from anonymous, concealed hackers. IBM, obviously, haven’t gone out of their way to commit such malicious attacks, but the fact remains that it was their product which was used to help spread this infection.

It’s a highly embarrassing revelation for IBM and, once again, reinforces the fact that you need to be continuously on your guard against malware. Let’s take a look at exactly what happened and how one of the biggest names in computing found themselves duped into becoming a delivery method for malware.

How IBM Infected its Customers

Organizations are constantly facing a battle to create more storage for the increasing amounts of data involved in business, so IBM created the Storwize storage system. The installation tool shipped with the Stowize V3500, V3700 and V5000 is housed on a USB flash drive for ease of use, but it’s this flash drive which has been pre-loaded with malicious software.

Normal installation of the IBM tool usually takes place in a temporary folder on the computer’s hard drive, but the infected drives also install a malicious file to this temporary folder. This malicious file then sets about editing the user’s system registry in order to load up the malware every time the user logs on. A number of different Trojans – such as Pondre, Reconyc and Faedevour – have all been detected on the USB drives and this points towards the involvement of cybercriminals.

Naturally, IBM is very embarrassed by the whole fiasco and have been reticent to disclose information on how these USB drives came to be infected and just how many users are at risk. What they have advised is that the infected flash drives will have the part number ‘01AC585’ clearly labelled on them, so, at the very least, IBM customers can quickly check if they’re open to infection.

Treating the Infection


IBM’s immediate solutions to the infected USB drives are as follows:

  • Run your antivirus software to identify and remove any threats. The Trojans contained on the USB drives are well known and easily treated once caught.
  • Destroy the drive as soon as possible to completely eliminate the threat. IBM have now made the required (and non-malicious) software available on their website, so the need for the USB drive is now redundant.

Whilst this should rectify the risk of your system becoming compromised, it does little to quell the bad PR it’s caused for IBM. It also hammers home the fact that hackers are looking for more ingenious ways to deliver their malicious payloads, even having the nerve to piggyback their way onto systems through official IBM products. Obviously, the telltale signs of infections will still be there, so if you aren’t already running the following checks, you should certainly start:

For more ways to secure and optimize your business technology, contact your local IT professionals.

323 View