Members
  • Total Members: 12816
  • Latest: t114563
Stats
  • Total Posts: 28524
  • Total Topics: 8240
  • Online Today: 922
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: IBM spread malware-stuffed USB at security conference (setup.exe, autorun.ini)  (Read 2833 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


IBM has apologised after supplying a malware-infected USB stick to delegates of this week's IBM AusCERT security conference.

The unlovely gift was supplied to an unknown number of delegates to the Gold Coast, Queensland conference who visited IBM's booth. Big Blue does not identify the strain of malware involved in the attack beyond saying it's a type of virus widely detected for at least two years which takes advantage of Windows autorun to spread, as a copy of IBM's email apology published by the Beast Or Buddha blog explains: http://beastorbuddha.com/2010/05/21/ibm-letter-to-auscert-delegates-free-malware-giveaway/

    At the AusCERT conference this week, you may have collected a complimentary USB key from the IBM booth. Unfortunately we have discovered that some of these USB keys contained malware and we suspect that all USB keys may be affected.

    The malware is detected by the majority of current Anti Virus products [as at 20/05/2010] and been known since 2008.

    The malware is known by a number of names and is contained in the setup.exe and autorun.ini files.  It is spread when the infected USB device is inserted into a Microsoft Windows workstation or server whereby the setup.exe and autorun.ini files run automatically.

    Please do not use the USB key, and we ask that you return it to IBM at Reply Paid 120, PO Box 400, West Pennant Hills 2120.


Problems of this type occur when any one of the PCs involved in loading content onto a USB stick is itself infected with malware. This could have happened either at IBM itself or its suppliers.

Malware-infected USB incidents have cropped up at AusCERT before. Australian telco Telstra distributed malware-infected USB drives at AusCERT 2008.

(El Reg)

Samker's Computer Forum - SCforum.info





luffy

  • SCF Member
  • **
  • Posts: 44
  • KARMA: 13
Have they found out who did it?

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


"Rumor has it that the USB keys were acquired from the same factory Telstra did … in China."

...Sophos Labs identifies the malware as W32/LibHack-A  and W32/Agent-FWF, the second of which is capable of logging keystrokes on the user’s machine.


Quote


...

Steps to remove the malware:

1. Turn off System Restore

[StartProgramsAccessoriesSystem toolsSystem Restore]

Turning off System Restore will enable your anti virus software to clean the virus from both your current system and any restore points that may have become infected.

2. Update your antivirus tool with the latest antivirus definitions

[available from your anti virus vendor of choice].

3. Perform a full system scan with your AV tool to confirm the existence of the infection. If malware is detected allow your AV to complete a clean.

4. On completion of this process, complete a second scan using a different anti virus product. Free anti virus products are available from known companies such as AVG, Avira, Panda Software, or Trend Micro.

5. Once a second scan has been performed and it is determined that your workstation is free of any known malware, as a precautionary measure we recommended that you perform a back up of all vital files on your workstation and perform a full re-installation of the operating system. This process will remove the risk of other unknown or undetected malware that may be present on your machine.

...


luffy

  • SCF Member
  • **
  • Posts: 44
  • KARMA: 13
Don't tell me it has government relate?

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Don't tell me it has government relate?

In my opinion, more like thoughtlessness and low quality production.  :thumbsdown:

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising