IBM has accidentally shipped malware-infected USB flash drives to customers and has requested its users to destroy or wipe the USB, rather than attempting to use it.
The company said it detected that some of its USB flash drives containing the initialisation tool shipped with the IBM Storwize V3500, V3700 and V5000 Gen 1 systems contained a file that had been infected with malicious code.
It said that when the initialisation tool is launched from the USB flash drive, the tool copies itself to a temporary folder on the hard drive of the desktop or laptop, and the malicious file is also copied to a temporary folder.
For customers who have already used the USB flash drive for one of the IBM products affected to initialise a Storwize system, IBM recommends using an anti-virus package to remove the infected file, or to remove the directory containing the identified malicious file.
For those customers who have not yet used the USB flash drives for installation, IBM recommends either "securely destroying the USB flash drive so that it can not be re-used" or repairing it so it can be re-used.
The latter involves permanently deleting several files on the USB flash drive and downloading a new initialisation tool from the IBM website, and then manually scanning the USB flash drive with antivirus software to ensure it has been removed.
IBM said that the malicious file, found in the Reconyc family, would be detected by the following anti-virus software vendors: AhnLab, ESET, Kaspersky, McAfee, Microsoft, Qihoo, Symantec, Tencent, TrendMicro and ZoneAlarm.
According to Kaspersky, malicious programs found in the Reconyc family are used by cybercriminals to install additional software on the infected computer.
"The malicious program copies its executable file to a temporary folder on the user's computer and modifies the operating system registry, enabling the malware to run automatically after the user logs in to the system," it warned.
"The malware decrypts itself, performs extraction from its resources section, and launches other malicious programs," it added.
IBM said it had taken steps to prevent any additional USB flash drives being shipped with this issue.
V3 looks at how the world's most popular programming languages have evolved over the last 50 years - from Fortran to Swift
IBM software case reminiscent of TSMC trade secrets theft claim
iPhone 8 specs, release date, price, features, basically everything! But will it have a curved display?
CISO pay boom as security become a boardroom concern