IBM has accidentally shipped malware-infected USB flash drives to customers and has requested its users to destroy or wipe the USB, rather than attempting to use it.
The company said it detected that some of its USB flash drives containing the initialisation tool shipped with the IBM Storwize V3500, V3700 and V5000 Gen 1 systems contained a file that had been infected with malicious code.
It said that when the initialisation tool is launched from the USB flash drive, the tool copies itself to a temporary folder on the hard drive of the desktop or laptop, and the malicious file is also copied to a temporary folder.
For customers who have already used the USB flash drive for one of the IBM products affected to initialise a Storwize system, IBM recommends using an anti-virus package to remove the infected file, or to remove the directory containing the identified malicious file.
For those customers who have not yet used the USB flash drives for installation, IBM recommends either "securely destroying the USB flash drive so that it can not be re-used" or repairing it so it can be re-used.
The latter involves permanently deleting several files on the USB flash drive and downloading a new initialisation tool from the IBM website, and then manually scanning the USB flash drive with antivirus software to ensure it has been removed.
IBM said that the malicious file, found in the Reconyc family, would be detected by the following anti-virus software vendors: AhnLab, ESET, Kaspersky, McAfee, Microsoft, Qihoo, Symantec, Tencent, TrendMicro and ZoneAlarm.
According to Kaspersky, malicious programs found in the Reconyc family are used by cybercriminals to install additional software on the infected computer.
"The malicious program copies its executable file to a temporary folder on the user's computer and modifies the operating system registry, enabling the malware to run automatically after the user logs in to the system," it warned.
"The malware decrypts itself, performs extraction from its resources section, and launches other malicious programs," it added.
IBM said it had taken steps to prevent any additional USB flash drives being shipped with this issue.
Apple's flagship iPhone X goes head-to-head against Samsung's freshly launched Galaxy S9 and S9+
And, yep, it'll run Android rather than RiscOS
US engineering giant's cost-cutting outsourcing plan is on the rocks, according to insiders
HP Envy X2 laptop only affordable if you've got loadsamoney