Slashdot Mirror


IBM Distributes USB Malware At Security Conference

bennyboy64 and other readers let us know that IBM sent out an email to all attendees to the Australian Computer Emergency Response Team (AusCERT) 2010 conference, warning them that some of the USB drives handed out to delegates contained malware. Fortunately it was old malware, which all anti-virus products have detected since 2008. Two years ago telecommunications company Telstra distributed malware-infected USB drives at the same conference.


  1. Old malware.... by Rotten · · Score: 4, Funny

    IBM old malware is......OS/2?

    1. Re:Old malware.... by Opportunist · · Score: 5, Funny

      OS/2 was not malware. Malware is unobtrusive, runs usually pretty well with Windows, only occasionally slows down the system and is usually also well maintained.

      Stop badmouthing malware, please.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:Old malware.... by NervousWreck · · Score: 2

      Ah, so Vista isn't malware either? Shucks, I can't use one of my favorite lines on friends who ask me for help.

      --
      I do not have a sig. You are hallucinating.
    3. Re:Old malware.... by Anonymous Coward · · Score: 1

      Stop badmouthing OS/2. It was far superior to Windows (its only downfall was lack of Windows 95 app compatibility and hardware compatibility).

    4. Re:Old malware.... by Opportunist · · Score: 1

      No, Vista is a bug. Or a glitch, depends.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  2. Wow... by wandazulu · · Score: 5, Funny

    ...I didn't realize they'd been able to squeeze Lotus Notes onto a USB drive.

    1. Re:Wow... by Hurricane78 · · Score: 1

      To be honest, it was a new experimental USB stick, 1TB of size.
      So the installer did barely fit on it. The installer that you needed to download the actual data, of course.

      --
      Any sufficiently advanced intelligence is indistinguishable from stupidity.
  3. wtf? by Pojut · · Score: 3, Insightful

    Seriously. Come on IBM. You're one of the biggest names in the industry, you hold thousands of patents...and you can't ensure you give devices that have already been secured to conference goers? ::obligatory::

    We can go to the moon...

    1. Re:wtf? by Lunix+Nutcase · · Score: 1

      And they don't scan them for viruses and malware before handing them out?

    2. Re:wtf? by Pojut · · Score: 1

      Thanks for that. Nothing like a healthy dose of depression on Friday :/

    3. Re:wtf? by jamesh · · Score: 2, Insightful

      Seriously. Come on IBM. You're one of the biggest names in the industry, you hold thousands of patents...and you can't ensure you give devices that have already been secured to conference goers?

      My first assumption (without RTFA) is that they would have outsourced it.

    4. Re:wtf? by JamesP · · Score: 4, Informative

      No, I'd say:

      It's a security conference, if you can't handle a USB drive with a (Windows program) virus you shouldn't be there.

      --
      how long until /. fixes commenting on Chrome?
    5. Re:wtf? by Yvanhoe · · Score: 1

      Marketing and PR are probably the only departments handled by computers running under Windows. Which is obviously a bad move...

      --
      The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
    6. Re:wtf? by Opportunist · · Score: 1

      A shuddering thought just hit me. This was a security conference, and of course a USB key containing malware is easily and immediately spotted, dissected, squished and laughed off.

      Now let's imagine this was a markedroid conference... And, extrapolated, what happens at such cons where markedroids and other suits congregate without a clued person within a hundred miles?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    7. Re:wtf? by dnahelicase · · Score: 2, Interesting

      Was it an accident? A good friend of mine works for a defense contractor and they used to do this as part of a security audit. Every once in a while they would just drop USB keys in the parking lot and then notify everyone that had a computer that got infected by it after a few days.

      My biggest concern would be IT security guys that will stick a generic USB drive in their computer without scanning it first. Shame on anyone that goes to a security conference and trusts the graft to be virus-free.

    8. Re:wtf? by Anonymous Coward · · Score: 1, Insightful

      How would you scan a USB drive without first sticking it into a computer?

    9. Re:wtf? by tlhIngan · · Score: 2, Interesting

      My biggest concern would be IT security guys that will stick a generic USB drive in their computer without scanning it first. Shame on anyone that goes to a security conference and trusts the graft to be virus-free.

      Which makes it kinda ironic, isn't it? A security conference with virus laden USB keys given out, and a good proportion of participants get infected. If even the security guys (whose job is to prevent such things) can't secure their machines, what hope does Joe Average have?

      I suppose the bigger question is - how come this wasn't reported... earlier? Surely someone at that conference must've seen it and disinfected, and saw others and posted something about it before IBM?

    10. Re:wtf? by Farmer+Tim · · Score: 1

      So it's really just a way of keeping the attendees entertained? See, IBM really does care...

      --
      Blank until /. makes another boneheaded UI decision.
    11. Re:wtf? by jdgeorge · · Score: 1

      You scan the USB drive by sticking it into a non-Windows computer, or one that doesn't by default execute software installed on the medium.

      Yes, you deserve a funny mod instead of an obvious response.

    12. Re:wtf? by Runaway1956 · · Score: 1

      Heh - GP asked the question that was on my mind, and you gave the obvious answer. Now - it's time we came up with a "Secure USB scanner". Yes, yes, yes, of course it's a gimmick. And, of course, it's gonna be a ripoff. All we have to do is, get a USB cord, terminate it inside a stupid little box with a light that flashes as data transfers, then plug our USB into the box. It will make dummies feel good that they have "securely" scanned their USB before plugging it into a computer.

      I smell money - dishonest huckster money, to be sure, but money all the same!!

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    13. Re:wtf? by Gilmoure · · Score: 1

      Ricky the intern was just given a box with 500 thumb drives and told to format them.

      --
      I drank what? -- Socrates
    14. Re:wtf? by aldld · · Score: 1

      Or maybe it just means that you need to be there.

    15. Re:wtf? by PassiveAggressive · · Score: 1

      Or at least get some new malware and not that old 2008 crap. Sheesh...

      --
      Is passive resistance passive aggressive ?
  4. All Anti-virus ? by JavaBear · · Score: 3, Insightful

    If all Anti-virus products have detected this one since 2008 it obviously begs the question, why didn't IBM's?

    1. Re:All Anti-virus ? by Lunix+Nutcase · · Score: 3, Informative

      The "all" was added by the summary writer. In the article the IBM spokesman said "most" anti-virus software.

      Wightwick said the malware, which dated to 2008, was detected by most anti-virus products.

      "The malware is known by a number of names and is contained in the setup.exe and autorun.ini files.

    2. Re:All Anti-virus ? by JavaBear · · Score: 1

      It would still be nice to know which ones don't :)

    3. Re:All Anti-virus ? by Opportunist · · Score: 1

      The one that boasts "IBM uses our solution" on their homepage. Just look around, I'm sure they wouldn't let that juicy piece of PR opportunity slip.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    4. Re:All Anti-virus ? by xelan · · Score: 1

      As I think back about a decade ago.... I seem to recall IBM offering an anti-virus app. Didn't it get absorbed by Symantec?

    5. Re:All Anti-virus ? by Demonantis · · Score: 1

      If you want to talk serious semantics, anything made before 2008 wouldn't detect it. So I would say most anti-virus would not (unless the market has exploded since 2008), but the all isn't because the requirement is that they are made after 2008. Bennyboy64 just corrected the spokesperson's mistake.

    6. Re:All Anti-virus ? by ViViDboarder · · Score: 1

      Because IBM doesn't manufacture the drives and they probably didn't plug each one in to test it...

    7. Re:All Anti-virus ? by saskboy · · Score: 1

      So the question is, which one was IBM using on the computer(s) loading information onto the USB drives?

      --
      Saskboy's blog is good. 9 out of 10 dentists agree.
  5. IBM CEO by dandart · · Score: 3, Funny

    Mwuhahahahaa... destroy them all! That'll show 'em! They should've chosen OUR DOS, and we shouldn't have given them OUR PCs...

  6. Good thing a corporation did it by British · · Score: 4, Interesting

    If some individual did it, they would be in jail for a very long time. Thankfully, a 'corporation' did it, which can blame any # of people internally. Thus, no jail time for IBM. It will probably be handled in a private manner (i.e. nothing).

    1. Re:Good thing a corporation did it by Anonymous Coward · · Score: 1, Funny

      But but but ... the Free Market (TM) ... it will fix itself!

    2. Re:Good thing a corporation did it by bendodge · · Score: 1

      That's stupid. I've never heard of individuals getting in trouble for accidentally distributing viruses. Also, your post is worded in a very sarcastic manner to suggest that all corporations are bad, the capitalists are evil, banking is a sin, etc. Unfortunately, you did not cite anything (except your own strawman) to back up anything, it was all postulation.

      As a side note, IANAL, so please do not reply by saying that I do not cite a lack of a law against accidentally giving out dirty flash drives. That's almost as hard as proving a universal negative.

      --
      The government can't save you.
    3. Re:Good thing a corporation did it by Transaction7 · · Score: 1

      Amen. I'm a retired lawyer who came late to the computer revolution in the eighties and none of my computer-literate friends will teach me to hack into things, write viruses and trojans, etc. and the textbook at the local university is written in type too small for me to read and copy the code, but I have watched as the law got more and more to the point that, to even get exemplary damages against a corporation or LLC, etc., now practically always limited to three times your "economic" damages not including many very real elements of injury, loss and damage, you pretty well have to prove that the Board of Directors voted to do it at a duly called board meeting and included this in the minutes, which, of course, never happens, and getting a criminal conviction against a corporation is tougher yet and the fines are rounding errors in the financial statements of big corporations like IBM. You never do find out which individuals within these large entities, corporate or government, actually decided to do and did things, so as to even begin to prosecute them, even when it is part of something that crashes not just Wall Street but the real economy and hurts a lot of people. Nobody is really likely to invest the money and manpower to track this malware exploit to its source and take real action against the people and corporation culpable. Another result is that anything that calls itself a business corporation can rip off a million people for several hundred dollars apiece secure in the knowledge that nobody victimized can afford to get the legal system to call them to account much less put a real dent in their wallet so as to discourage future such behavior. As for our two political parties doing anything about this, both are in bed with the private-sector crooks for money and my nationally known law school dean liked to quote Will Rogers: "Whenever Congress tells a joke, it's a law, and whenever they pass a law, it's a joke."

      What I can't figure out about these people who write and spread a lot of malware that doesn't capture data, etc., is what motivates and who pays them to do it?

  7. It takes 12-24 months for IBM IT to ok updates by Joe+The+Dragon · · Score: 4, Funny

    It takes 12-24 months for IBM IT to ok updates

  8. IBM needs a new supplier... by sir+lox+elroy · · Score: 1

    Evidently IBM bought up the unused Telstra Flash drives. Or, they have really bad luck.

    --
    Kosh: "Understanding is a 3 edged sword, your side, their side, the Truth."
  9. Opportunity to be had by istartedi · · Score: 3, Insightful

    So many USB sticks come with pre-loaded crapware/malware. In the office we would stick them in Linux machines and format them from there. If you stuck it in a Windows machine without formatting it, you spent the rest of the day auditing your machine and puzzling over what might be left on it.

    The OPPORTUNITY is for a company to brand itself based on NOT HAVING CRAP on their sticks. I'm thinking Pure USB would be a nice name for such a product. I know I'd choose that over anything else if they were comparably priced. Don't get greedy and charge a premium for that. Just outsell the competition. I can't believe the kickbacks from crapware authors are that valuable.

    --
    For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
    1. Re:Opportunity to be had by DrBoumBoum · · Score: 3, Informative

      Why not simply disable autorun?

    2. Re:Opportunity to be had by couchslug · · Score: 1

      Why give nasties ANY chance to spread?

      When I get new or unknown drives I nuke 'em all out of habit. View on safe machine, nuke and pave, done.

      --
      "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
    3. Re:Opportunity to be had by istartedi · · Score: 1

      Somebody or some thing (including Windows update) is bound to re-set your settings at some point, and re-enable autorun. Yes, locking your door is a good thing. Moving to a nicer neighborhood *and* locking your door is even better.

      --
      For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
    4. Re:Opportunity to be had by TerranFury · · Score: 1

      I'm not positive about this, but I think the risk may be larger than just autorun. Isn't there also the "installing drivers" bit that Windows does for some hardware? I get the impression that USB devices are to some extent able to contain their own drivers that Windows will install. IIRC, users are asked for confirmation by a tooltip-bubble from the system tray, but this may not be under all versions of Windows (yes under Vista, no under XP?). I do not know how this is implemented; I'm hoping that someone who has looked more closely at this will respond...

    5. Re:Opportunity to be had by Anonymous Coward · · Score: 1, Informative

      No, I've disabled autorun on Windows machines since 2000, and it's never been reenabled on any of them.

    6. Re:Opportunity to be had by Nizumzen · · Score: 1

      Haha, your signature made me laugh. The phrase is "for all intents and purposes".

    7. Re:Opportunity to be had by ZERO1ZERO · · Score: 1

      Whooooosh!

  10. Re:It takes 12-24 months for IBM IT to ok update by EvilIdler · · Score: 3, Insightful

    The parent post is modded funny, but I'm sure Joe's breaking an NDA! :P

  11. Re:Get used to IBM sucking by yuhong · · Score: 1

    What is even worse about it is that quarterly EPS game is fundamentally flawed: http://blogs.hbr.org/hbr/restoring-american-competitiveness/2009/10/can-we-break-the-tyranny-of-qu.html

  12. Strike up the band! by Chris+Tucker · · Score: 1

    "Botnets, worldwide botnets,
    what kind of boxes are on botnets."

    "Compaq, HP, Dell and Sony? True!
    Gateway, Packard Bell, maybe even ASUS, too!"

    "Are boxes, found on botnets!
    All running Windows, FOO!"

    --
    Guaranteed! This comment 100% Anthrax free!
  13. so by SnarfQuest · · Score: 1

    So, is there a better place to distribute malware than a security conference?

    --
    Who would win this election: Andrew Weiner vs Andrew Weiner's weiner.
  14. That isn't the only thing... by Dogbertius · · Score: 1

    That's "wide" about the 2012 Olympics...
    http://boingboing.net/2007/06/04/london-2012-olympic-.html

  15. It could be worse... by Rui+Lopes · · Score: 1

    ... if they had distributed Melware.

    --
    var sig = function() { sig(); }
  16. Blame Microsoft for their poorly-designed AUTORUN by CuteSteveJobs · · Score: 1

    Who is really to blame in this is Microsoft. Some fool of a Microsoftie decided that, by default, whenever media (CDs, USBs) was inserted into a removable drive it should run AUTORUN on that drive. It can be disabled with TweakUI (link below) but you need to be a geek to think to do it and must do it on all your machines (and possibly all accounts on your machines) and if you forget, like I did, once, whamo! You're infected. A virus scanner can help, but they won't catch the latest viruses/horses (which is exactly why cybercrooks keep writing new ones) if you set them to scan all removable drives and you plug in your 1Gb USB HDD you will be in for a long wait. Like the massive security hole that ActiveX became, Microsoft has no foresight. http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx

  17. Old virus - new release. by ananthap · · Score: 1

    It seems that IBM is not maintaining malware definitions up to date on the server from which the infected (old) malware was distributed. It is not clear from the writeup "http://www.itnews.com.au/News/175451,ibm-unleashes-virus-on-auscert-delegates.aspx" whether IBM finally reminds the users to re-enable the system restore feature. OK
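
Several comments above describe checking a giveaway drive from a machine that will not auto-execute its contents. The following is an added example, not part of the original thread: a Python sketch that lists what a mounted volume's `autorun.inf` (the file Windows AutoRun reads) would launch, without running anything. The function names and the sample volume are constructed for illustration; `root` is assumed to be the mount point of the drive on a non-Windows host.

```python
import os
import tempfile

LAUNCH_KEYS = ("open", "shellexecute")  # [autorun] keys that name a program

def find_autorun(root):
    """Paths of autorun.inf files in the volume root, matched case-insensitively."""
    return [os.path.join(root, n) for n in sorted(os.listdir(root))
            if n.lower() == "autorun.inf" and os.path.isfile(os.path.join(root, n))]

def parse_launch_entries(path):
    """Return (key, command) pairs from the [autorun] section.

    Parsed by hand because such files are often padded with junk lines
    that a strict INI parser would reject.
    """
    with open(path, "rb") as fh:
        text = fh.read().decode("latin-1")  # tolerate arbitrary bytes
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower().startswith("[autorun]")
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in LAUNCH_KEYS or (key.startswith("shell\\")
                                      and key.endswith("\\command")):
                entries.append((key, value))
    return entries

def inspect_volume(root):
    """List each launch entry and whether its target file sits in the volume root."""
    names = {n.lower() for n in os.listdir(root)}
    report = []
    for inf in find_autorun(root):
        for key, command in parse_launch_entries(inf):
            words = command.split()
            target = words[0].strip('"').lower() if words else ""
            report.append({"key": key, "command": command,
                           "target_in_root": target in names})
    return report

def build_sample_volume():
    """Constructed sample: a temp directory laid out like a giveaway stick."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "AUTORUN.INF"), "w") as fh:
        fh.write(";padding\n[AutoRun]\nopen=setup.exe /s\nicon=setup.exe,0\n"
                 "shell\\explore\\command=setup.exe\n[Other]\nopen=ignored.exe\n")
    with open(os.path.join(root, "setup.exe"), "wb") as fh:
        fh.write(b"harmless placeholder bytes")
    return root

if __name__ == "__main__":
    for entry in inspect_volume(build_sample_volume()):
        print(entry)
```

An empty report only means no launch entries were found in the volume root; it says nothing about the other files on the drive, which still need an anti-virus scan.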