SoylentNews is people

posted by Fnord666 on Friday May 05 2017, @07:07PM
from the oops-my-bad dept.

Arthur T Knackerbracket has found the following story:

IBM is urging customers to destroy flash drives it shipped to storage system customers because they contain malware.

The company warned in an advisory Tuesday that an unspecified number of USB flash drives shipped with the initialization tool for Storwize systems contain malicious code. IBM instructed customers who received the V3500, V3700 and V5000 Gen 1 systems to destroy the drive to prevent the code from replicating.

"When the initialization tool is launched from the USB flash drive, the tool copies itself to a temporary folder on the hard drive of the desktop or laptop during normal operation," IBM said in its advisory.

The malicious code is part of the Reconyc Trojan malware family, which typically targets computers in Russia and India, according to data from Kaspersky Lab.

IBM said that while the malware is copied onto the victim's device, the malicious code is not executed during initialization.

-- submitted from IRC


  • (Score: 3, Informative) by Scruffy Beard 2 on Friday May 05 2017, @09:15PM (3 children)

    by Scruffy Beard 2 (6030) on Friday May 05 2017, @09:15PM (#505158)

    Destroying is more reliable than disabling autorun, apparently.

    Non-destructive "repair" steps:

    1. Delete the folder called InitTool on the USB flash drive which will delete the folder and all the files inside.
    2. If using a Windows machine, holding down shift when deleting the folder will ensure that the files are permanently deleted rather than being copied to the recycle bin.
    3. Download the Initialization tool package from Lenovo Support: https://www.lenovo.com/support/
    4. Unzip the package onto the USB flash drive.
    5. Manually scan the USB flash drive with antivirus software.
  • (Score: 2) by kaszz on Friday May 05 2017, @09:42PM (2 children)

    by kaszz (4211) on Friday May 05 2017, @09:42PM (#505173) Journal

    Can't use a defective OS manufacturer to do the job. Instead a good tool is Unix though one can suspect VMS etc will be ok too.
    So this would likely wipe the shit to oblivion:

    dd if=/dev/zero bs=64k of=/dev/[SSD device]

    (usually takes hours.. but in most cases wiping out the start of a disc makes most handling software to consider it empty)

    Less brutal:

    mtools.conf: drive m: file="/dev/[SSD device]"
    mdel 'm:*.*'

    mount.... /dev/[SSD device] /mount
    rm -rf /mount/*
    rm -rf /mount/.??*
    umount /mount

    • (Score: 2, Informative) by toph on Saturday May 06 2017, @12:22AM (1 child)

      by toph (5509) on Saturday May 06 2017, @12:22AM (#505232)

      Filling a flash drive with zeros allocates all sectors and may adversely affect future performance. Use a proper erase tool if you can find one. Otherwise, the suggestion:

      in most cases wiping out the start of a disc makes most handling software to consider it empty

      is good. So do:

      dd if=/dev/zero bs=64k count=1 of=/dev/[SSD device]

      and then fdisk / mkfs.vfat or whatever.

      • (Score: 2) by kaszz on Saturday May 06 2017, @01:17AM

        by kaszz (4211) on Saturday May 06 2017, @01:17AM (#505254) Journal

        Better to write a 1 MB block, because 64 kByte is very tight to be sure that no OS-partition-RAID thing messes it up.
        dd if=/dev/zero bs=1024k count=1 of=/dev/[SSD device]

        Otherwise you may get the .. "Hey! I found a missing RAID parity disc. I will now restore parity on your volume(s) which results in NOOOOOOO!!%¤=%)=¤" ;-)
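
The head-of-device wipe discussed in this thread, as an added example that is not from any commenter: it runs against a constructed image file rather than a real drive, and shows that zeroing the first 64 KiB or 1 MiB removes the MBR/GPT signatures a partitioning tool looks for while file contents further into the drive stay in place. The function names, the image layout (512-byte sectors) and the `PAYLOAD!` marker are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: operates on a constructed image file, never on a real device.
set -eu

# Build a 4 MiB constructed "drive": MBR boot signature (55 aa) at offset 510,
# GPT header magic at offset 512 (LBA 1 with 512-byte sectors), and a
# stand-in payload at 2 MiB representing a file left on the drive.
make_image() {
    dd if=/dev/zero of="$1" bs=1024k count=4 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
    printf 'EFI PART' | dd of="$1" bs=1 seek=512 conv=notrunc 2>/dev/null
    printf 'PAYLOAD!' | dd of="$1" bs=1 seek=2097152 conv=notrunc 2>/dev/null
}

# Print COUNT bytes at OFFSET of FILE as lowercase hex without separators.
hex_at() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

has_mbr_sig() { [ "$(hex_at "$1" 510 2)" = "55aa" ]; }
has_gpt_sig() { [ "$(hex_at "$1" 512 8)" = "4546492050415254" ]; }
has_payload() { [ "$(hex_at "$1" 2097152 8)" = "5041594c4f414421" ]; }

# Zero the first N KiB of a regular file in place. conv=notrunc keeps the
# rest of the image, which is what happens when dd writes to a block device.
wipe_head() {
    [ -f "$1" ] || { echo "refusing: $1 is not a regular file" >&2; return 1; }
    dd if=/dev/zero of="$1" bs=1024 count="$2" conv=notrunc 2>/dev/null
}

# Summarise what a partition probe would find and whether the payload survives.
yn() { if "$@"; then echo yes; else echo no; fi; }
report() {
    echo "mbr=$(yn has_mbr_sig "$1") gpt=$(yn has_gpt_sig "$1") payload=$(yn has_payload "$1")"
}

# Demonstration on a throwaway image: before, after 64 KiB, after 1 MiB.
img=$(mktemp)
make_image "$img"
report "$img"
wipe_head "$img" 64
report "$img"
wipe_head "$img" 1024
report "$img"
rm -f "$img"
```

A drive treated this way looks empty to partitioning tools, but it has not been sanitized: anything stored past the wiped region is still readable until it is overwritten or the drive is erased with a proper tool.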