IBM shipped malware-laden USB sticks to unsuspecting customers
Malware-laden USB sticks were accidentally sent by IBM to a series of enterprise customers that had purchased storage systems developed by the computing giant, according to a company advisory published last week. An unidentified number of these drives were mailed as an installation tool for users setting up IBM Storewize V3700 and V5000 Gen 1 storage systems. IBM says that all of the infected USBs carried the same serial number: 01AC585. An IBM spokesperson did not respond to CyberScoop’s inquiry. It remains unclear how the malware originally found its way onto the drives. When plugged into a vulnerable system, the memory stick will immediately launch the legitimate Storewize initialization tool, which in this case also carries hidden malicious computer code that copies itself to a temporary folder. Fortunately, the malware itself is not executable, meaning that it won’t automatically run on a computer in order to infect the Storwize disks. […]
The post IBM shipped malware-laden USB sticks to unsuspecting customers appeared first on Cyberscoop.
Continue reading IBM shipped malware-laden USB sticks to unsuspecting customers