Malware, ransomware and phishing scams are just a few of the digital threats we constantly need to watch out for. We’re in a never-ending battle to keep sensitive data out of the hands of cybercriminals.
With so many online threats, the last thing we need to worry about is malicious items coming straight from manufacturers. That’s exactly what’s happening now with certain USB flash drives that are distributing malicious code.
How flash drives are distributing malicious code
IBM is warning customers that it has shipped some USB flash drives that contain a malicious file. The flash drives are used in the initialization tool for IBM Storwize V3500, V3700 and V5000 Gen 1 systems. These are data storage systems used for block-based, file-based or object storage, found in many small businesses.
According to IBM Support, “When the initialization tool is launched from the USB flash drive, the tool copies itself to a temporary folder on the hard drive of the desktop or laptop during normal operation. With that step, the malicious file is copied with the initialization tool to the following temporary folder:
“On Windows systems: %TMP%initTool
“On Linux or Mac systems: /tmp/initTool
“Important: While the malicious file is copied onto the computer, the file is not executed during initialization.”
This means that if you use one of the infected USB flash drives, a Trojan is installed on your computer. It will be executed at a later time.
All of the infected flash drives have the part number 01AC585, like the one in the following image:
Image: Example of infected IBM USB flash drive. (Source: IBM)
Flash drives that could contain the infected file were shipped with the following System models:
- IBM Storwize V3500 – 2071 models 02A and 10A
- IBM Storwize V3700 – 2072 models 12C, 24C and 2DC
- IBM Storwize V5000 – 2077 models 12C and 24C
- IBM Storwize V5000 – 2078 models 12C and 24C
What you need to do
IBM is urging anyone who has used a potentially infected USB flash drive to verify that your antivirus software has removed the infected file. If not, you can remove the directory containing the identified malicious file. Here’s how:
To manually remove the malicious file, delete the temporary directory:
- On Windows systems – %TMP%initTool For Windows you need to ensure the entire directory is deleted (not moved to the Recycle Bin folder). This can be done by selecting the directory and Shift >> Right-click >> Delete the directory.
- On Linux and Mac systems – /tmp/initTool
If you have one of the potentially impacted flash drives and have not used it, IBM is recommending that you securely destroy it so it can’t be used.
If you have any questions you are encouraged to contact IBM Support. Click here to see IBM Support’s full alert on this issue.