Last week, IBM issued a security alert over malware that was accidently shipped to customers. Infected USB devices were distributed with IBMs Storwize data center products. IBM warns that the infected USB drives should be reformatted or destroyed to prevent infection.
IBM has not specified exactly how many devices contain the malware but has disclosed that the infected USB drives are all from a single batch with the part number 01AC585. These USB sticks have been shipped with the following products:
IBM Storwize V3500 – 2071 models 02A and 10A
IBM Storwize V3700 – 2072 models 12C, 24C and 2DC
IBM Storwize V5000 – 2077 models 12C and 24C
IBM Storwize V5000 – 2078 models 12C and 24C
IBM has advised that while the malware contained on the USB drives gets copied to user devices, it will not be executed under normal circumstances. Regardless, it is recommended that if you received an infected device, or have already run the initialization software contained within, that you should take immediate action to remove the files. After initialization, the malware files will be stored in either your %TMP%\initTool on a Windows device or in /tmp/initTool on Linux and Macs.
If you believe that your systems have been compromised by the malware, IBM advises running a scan from business grade anti-virus software. Because the malware is not automatically activated or concealed on installation, any up-to-date virus scan should be able to take care of the problem. Alternatively, the infected directories can be manually deleted from the temporary installation directories.
Once the malware has been removed from the infected device, IBM recommends that users reformat the data on the original USB drive. Once done, a clean version of the Storwize Initialization Tool can be downloaded directly from the IBM website and copied over to the cleaned USB drive. If you are not sure how to reformat or uncomfortable using a previously infected device, the Initialization Tool can be downloaded to any USB storage device of a comparable size.