IBM hands out malware laden USBs

IBM has been handing out more than USB sticks at a conference in Australia this week and the security experts weren’t happy with what they got.

USB worm

It is not unusual to receive a freebie USB stick when you attend a conference, but the ones IBM was handing out at a security event in Australia last week had a little extra surprise in store for the attendees.

The complementary sticks passed out at the AusCERT show were riddled with malware two separate worms to be exact and the company was forced to send out emails to the recipients warning them and asking them to return the sticks to IBM's Australian headquarters as soon as possible.

Advertisement - Article continues below

The email said: "At the AusCERT conference this week, you may have collected a complimentary [sic] USB key from the IBM booth. Unfortunately we have discovered that some of these USB keys contained malware and we suspect that all USB keys may be affected."

After examining the sticks, analysts at security firm Sophos confirmed the devices were infected with two worms. The first infection was a W32/LibHack-A an infected setup file which gets into the machine when executed and the second was a W32/Agent-FWF a Windows worm capable of logging keystrokes.

"You should exercise care if you plug the device into your computer, since it is an autorun worm - which means it will launch when inserted into a computer if autorun/autoplay is enabled," wrote Graham Cluley, senior technology correspondent at Sophos, on his blog.

Advertisement
Advertisement - Article continues below

"I imagine that the security professionals at IBM will have their head in their hands about this breach, because it wasn't even as though this malware was previously unknown. Sophos has been detecting W32/Agent-FWF, for instance, since June 2007!"

Advertisement - Article continues below

IBM is not the first company guilty of spreading malware in this way.

Cluley claimed that while he was at the RSA conference in San Francisco earlier this year, one of the staff was putting presentations onto attendee's laptops via an infected USB stick.

"She wasn't a security professional, but she was working for a security company - and when she asked me to look at her Windows computer I found she had no anti-virus software installed," he added.

USBs are becoming an increasingly popular way of spreading malicious software. McAfee's latest threat report released earlier this month showed it was the most popular way of getting worms onto systems, despite living in an internet age.

Greg Day, director of security strategy for McAfee, in Europe, the Middle East and Africa (EMEA) told IT PRO: "Go back 20 years and malware used USBs to spread but we have been living in an age of internet and networking malware."

He added: "The report has [shown that] this old technique, that was long forgotten, has come back."

IBM and Sophos both advise users to delete the setup.exe and autorun.inf files and ensure their antivirus software is up to date.

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement

Recommended

Sophos Central Endpoint Protection review: Because you’re worth it
endpoint security

Sophos Central Endpoint Protection review: Because you’re worth it

3 Aug 2020
Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020
IBM Cloud launches centralised security and compliance hub
cloud computing

IBM Cloud launches centralised security and compliance hub

22 Jul 2020
IBM teams with Adobe and Red Hat to drive personalized customer experiences
Cloud

IBM teams with Adobe and Red Hat to drive personalized customer experiences

20 Jul 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
Labour Party donors caught up in Blackbaud data breach
data breaches

Labour Party donors caught up in Blackbaud data breach

31 Jul 2020
How do you build a great customer experience?
Sponsored

How do you build a great customer experience?

20 Jul 2020