SoylentNews is people

posted by Fnord666 on Friday May 05 2017, @07:07PM
from the oops-my-bad dept.

Arthur T Knackerbracket has found the following story:

IBM is urging customers to destroy flash drives it shipped to storage system customers because they contain malware.

The company warned in an advisory Tuesday that an unspecified number of USB flash drives shipped with the initialization tool for Storwize systems contain malicious code. IBM instructed customers who received the V3500, V3700 and V5000 Gen 1 systems to destroy the drive to prevent the code from replicating.

"When the initialization tool is launched from the USB flash drive, the tool copies itself to a temporary folder on the hard drive of the desktop or laptop during normal operation," IBM said in its advisory.

The malicious code is part of the Reconyc Trojan malware family, which typically targets computers in Russia and India, according to data from Kaspersky Lab.

IBM said that while the malware is copied onto the victim's device, the malicious code is not executed during initialization.

-- submitted from IRC


The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by edIII on Friday May 05 2017, @07:23PM (4 children)

    by edIII (791) on Friday May 05 2017, @07:23PM (#505099)

    There is nothing on a drive that should be automatically executed. Ever. Never Ever. Never, Never, Never, Never, Never, Never, Never, Never, Never, Never, Never, Never....... Never, Never, Never, Never, Never, Never, Never...... Never. Then if there might be an exception, it is still... never ever ever ever. If you were a little bit confused still, the answer is never.

    Not on a plane.
    Not on a train.
    Not with green eggs and ham.
    No, I will not execute your fucking code.

    Seriously. Why the fuck are flash drives not coming to us perfectly blank? If it needed a piece of software it should be online, signed, and more preferably, baked into the operating system supported by the groups of people that are responsible for that operating system.

    If we want encryption, then have the operating systems do it for the storage devices. It's 2017 and autoplay gone-full-retard shit still spreads malware. This is why some sysadmins epoxy those fucking USB slots shut.

    I'm thinking we need a security device that just specializes in formatting and pen testing flash drives before they get attached to anything.

    --
    Technically, lunchtime is at any moment. It's just a wave function.
  • (Score: 5, Informative) by Grishnakh on Friday May 05 2017, @07:53PM (2 children)

    by Grishnakh (2831) on Friday May 05 2017, @07:53PM (#505109)

    You're ranting about the wrong thing. IBM does not sell flash drives; anyone on this site should know this. No, flash drives should come perfectly blank, but that's not the issue here because IBM is not a flash drive manufacturer or reseller. They're using these to distribute software to some enterprise customers, so of course they can't be blank. Maybe it's some kind of convenience so customers don't have to download it from the website and put it on a flash drive themselves.

    This also might not have anything to do with autoplay: TFS itself says the malware spreads when the "initialization tool is launched". That implies that it's baked into IBM's software and requires the customer to actually execute it, no autoplay needed.

    Finally, you can read about IBM Storwize with a google search. It's an enterprise virtualized storage system, so it's highly unlikely the thing runs Windows at all.

    • (Score: 3, Funny) by Jeremiah Cornelius on Friday May 05 2017, @08:40PM

      by Jeremiah Cornelius (2785) on Friday May 05 2017, @08:40PM (#505145) Journal

      I remember when the malware they shipped to customers was called "PC-DOS".

      --
      You're betting on the pantomime horse...
    • (Score: 0) by Anonymous Coward on Friday May 05 2017, @09:36PM

      by Anonymous Coward on Friday May 05 2017, @09:36PM (#505168)

      Finally, you can read about IBM Storwize with a google search. It's an enterprise virtualized storage system, so it's highly unlikely the thing runs Windows at all.

      FTFS

      "When the initialization tool is launched from the USB flash drive, the tool copies itself to a temporary folder on the hard drive of the desktop or laptop during normal operation,"

      Sure sounds like Windows to me considering TFS didn't mention this was happening on Linux desktops/laptops. Personally I don't know if Kaspersky has a Linux product so I suppose it could be Linux.

  • (Score: 1) by anubi on Saturday May 06 2017, @05:41AM

    by anubi (2828) on Saturday May 06 2017, @05:41AM (#505339) Journal

    I thoroughly agree with your rant. Sounds just like one of mine.

    Two more things I would like to add to the wish-list:

    1) Never mix code and data. One reads data, not executes it on the fly! Executable data is the perfect breeding ground for malware.

    2) If one places "electronic locks / encryption" on things fed to one's machine, by doing so, regardless of any EULA clauses to the contrary, the same rightsholder that has the privilege to sue should be the one held responsible for what his code actually did in the customer machine.

    Here's hoping that when John Q. Public gets pounded enough times over the head with a cluebat, he'll realize how all this enforced ignorance has cost him his trust in his own machine, and will let representatives know loud and clear that if they intend to have any future at all in politics, they will fix the DMCA to cover both bases, not only one, with the same fervor they passed the DMCA in the first place.

    --
    "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]