Slashdot Mirror

← Back to Stories (view on slashdot.org)

IBM Distributes USB Malware At Security Conference

Posted by kdawson on from the just-testing-ya dept.

bennyboy64 and other readers let us know that IBM sent out an email to all attendees to the Australian Computer Emergency Response Team (AusCERT) 2010 conference, warning them that some of the USB drives handed out to delegates contained malware. Fortunately it was old malware, which all anti-virus products have detected since 2008. Two years ago telecommunications company Telstra distributed malware-infected USB drives at the same conference.

17 of 73 comments (clear)

  1. Old malware.... by Rotten · · Score: 4, Funny

    IBM old malware is......OS/2?

    1. Re:Old malware.... by Opportunist · · Score: 5, Funny

      OS/2 was not malware. Malware is unobstrusive, runs usually pretty well with Windows, only occasionally slows down the system and is usually also well maintained.

      Stop badmouthing malware, please.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:Old malware.... by NervousWreck · · Score: 2

      Ah, so Vista isn't malware either? Shucks, I can't use one of my favorite lines on friends who ask me for help.

      --
      I do not have a sig. You are hallucinating.
  2. Wow... by wandazulu · · Score: 5, Funny

    ...I didn't realize they'd been able to squeeze Lotus Notes onto a USB drive.

  3. wtf? by Pojut · · Score: 3, Insightful

    Seriously. Come on IBM. You're one of the biggest names in the industry, you hold thousands of patents...and you can't ensure you give devices that have already been secured to conference goers? ::obligatory::

    We can go to the moon...

    --
    Living With a Nerd
    1. Re:wtf? by jamesh · · Score: 2, Insightful

      Seriously. Come on IBM. You're one of the biggest names in the industry, you hold thousands of patents...and you can't ensure you give devices that have already been secured to conference goers?

      My first assumption (without RTFA) is that they would have outsourced it.

    2. Re:wtf? by JamesP · · Score: 4, Informative

      No, I'd say:

      It's a security conference, if you can't handle a USB drive with a (Windows program) virus you shouldn't be there.

      --
      how long until /. fixes commenting on Chrome?
    3. Re:wtf? by dnahelicase · · Score: 2, Interesting

      was it an accident? A good friend of mine works for a defense contractor and they used to do this as part of a security audit. Every once in a while they would just drop USB keys in the parking lot and then notify everyone that had a computer that got infected by it after a few days.

      My biggest concern would be IT security guys that will stick a generic USB drive in their computer without scanning it first. Shame on anyone that goes to a security conference and trusts the graft to be virus-free.

    4. Re:wtf? by tlhIngan · · Score: 2, Interesting

      My biggest concern would be IT security guys that will stick a generic USB drive in their computer without scanning it first. Shame on anyone that goes to a security conference and trusts the graft to be virus-free.

      Which makes it kinda ironic, isn't it? A security conference with virus laden USB keys given out, and a good proportion of participants get infected. If even the security guys (whose job is to prevent such things) can't secure their machines, what hope does Joe Average have?

      I suppose the bigger question is - how come this wasn't reported... earlier? Surely someone at that conference must've seen it and disinfected, and saw others and posted something about it before IBM?

  4. All Anti-virus ? by JavaBear · · Score: 3, Insightful

    If all Anti-virus products have detected this one since 2008 it obviously begs the question, why didn't IBM's?

    1. Re:All Anti-virus ? by Lunix+Nutcase · · Score: 3, Informative

      The "all" was added by the summary writer. In the article the IBM spokesman said "most" anti-virus software.

      Wightwick said the malware, which dated to 2008, was detected by most anti-virus products.

      "The malware is known by a number of names and is contained in the setup.exe and autorun.ini files.

  5. IBM CEO by dandart · · Score: 3, Funny

    Mwuhahahahaa... destroy them all! That'll show 'em! They should've chosen OUR DOS, and we shouldn't have given them OUR PCs...

  6. Good thing a corporation did it by British · · Score: 4, Interesting

    If some individual did it, they would be in jail for a very long time. Thankfully, a 'corporation' did it, which can blame any # of people internally. Thus, no jail time for IBM. It will probably be handled in a private manner(ie nothing).

  7. It's takes 12-24 months for IBM IT to ok updates by Joe+The+Dragon · · Score: 4, Funny

    It's takes 12-24 months for IBM IT to ok updates

  8. Opportunity to be had by istartedi · · Score: 3, Insightful

    So many USB sticks come with pre-loaded crapware/malware. In the office we would stick them in Linux machines and format them from there. If you stuck it in a Windows machine without formatting it, you spent the rest of the day auditing your machine and puzzling over what might be left on it.

    The OPPORTUNITY is for a company to brand itself based on NOT HAVING CRAP on their sticks. I'm thinking Pure USB would be a nice name for such a product. I know I'd chose that over anything else if they were comparably priced. Don't get greedy and charge a premium for that. Just outsell the competition. I can't believe the kickbacks from crapware authors are that valuable.

    --
    For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
    1. Re:Opportunity to be had by DrBoumBoum · · Score: 3, Informative

      Why not simply disable autorun?

  9. Re:It's takes 12-24 months for IBM IT to ok update by EvilIdler · · Score: 3, Insightful

    The parent post is modded funny, but I'm sure Joe's breaking an NDA! :P