IBM hands out malware laden USBs

News 24 May, 2010

IBM has been handing out more than USB sticks at a conference in Australia this week and the security experts weren’t happy with what they got.

It is not unusual to receive a freebie USB stick when you attend a conference, but the ones IBM was handing out at a security event in Australia last week had a little extra surprise in store for the attendees.

The complementary sticks passed out at the AusCERT show were riddled with malware – two separate worms to be exact – and the company was forced to send out emails to the recipients warning them and asking them to return the sticks to IBM’s Australian headquarters as soon as possible.

The email said: “At the AusCERT conference this week, you may have collected a complimentary [sic] USB key from the IBM booth. Unfortunately we have discovered that some of these USB keys contained malware and we suspect that all USB keys may be affected.”

After examining the sticks, analysts at security firm Sophos confirmed the devices were infected with two worms. The first infection was a W32/LibHack-A – an infected setup file which gets into the machine when executed – and the second was a W32/Agent-FWF – a Windows worm capable of logging keystrokes.

“You should exercise care if you plug the device into your computer, since it is an autorun worm - which means it will launch when inserted into a computer if autorun/autoplay is enabled,” wrote Graham Cluley, senior technology correspondent at Sophos, on his blog.

“I imagine that the security professionals at IBM will have their head in their hands about this breach, because it wasn't even as though this malware was previously unknown. Sophos has been detecting W32/Agent-FWF, for instance, since June 2007!”

IBM is not the first company guilty of spreading malware in this way.

Cluley claimed that while he was at the RSA conference in San Francisco earlier this year, one of the staff was putting presentations onto attendee’s laptops via an infected USB stick.

“She wasn't a security professional, but she was working for a security company - and when she asked me to look at her Windows computer I found she had no anti-virus software installed,” he added.

USBs are becoming an increasingly popular way of spreading malicious software. McAfee’s latest threat report released earlier this month showed it was the most popular way of getting worms onto systems, despite living in an internet age.

Greg Day, director of security strategy for McAfee, in Europe, the Middle East and Africa (EMEA) told IT PRO: “Go back 20 years and malware used USBs to spread… but we have been living in an age of internet and networking malware.”

He added: “The report has [shown that] this old technique, that was long forgotten, has come back.”

IBM and Sophos both advise users to delete the setup.exe and autorun.inf files and ensure their antivirus software is up to date.