Slashdot Mirror


IBM Admits It Sent Malware-infected USB Sticks To Customers (techrepublic.com)

IBM accidentally shipped USB drives infected with malware to some customers, the company noted in a support advisory post. The drives contained an initialization tool for some of its Storwize systems, the post stated. From a report: IBM customers who received a USB flash drive with the part number 01AC585 should either destroy the drive so that it cannot be reused, the post said, or follow the steps listed in the post to repair the drive. Affected drives were shipped with the following Storwize systems: IBM Storwize V3500 - 2071 models 02A and 10A, IBM Storwize V3700 - 2072 models 12C, 24C, and 2DC, IBM Storwize V5000 - 2077 models 12C and 24C, IBM Storwize V5000 - 2078 models 12C and 24C.

50 comments

  1. Storwize? by Viol8 · · Score: 5, Funny

    Is it just me or does that sound like a malware name anyway?

    1. Re:Storwize? by Anonymous Coward · · Score: 2, Funny

      > Is it just me or does that sound like a malware name anyway?

      Big jar of yellow liquid...

    2. Re:Storwize? by Anonymous Coward · · Score: 0

      > wtfamireading.jpg

    3. Re:Storwize? by imadeyoureadpoop · · Score: 1

      > wtfamireading.jpg

      *wtfamimasturbatingto.gif

      --
      Hanlon's Razor -- Never attribute to malice that which is adequately explained by stupidity.
  2. Call this number... by __aaclcg7560 · · Score: 2

    If you need help, call 1-800-IBM-HELP.

    Note: You must be 21 years old or older to use phone number.

    1. Re:Call this number... by DontBeAMoran · · Score: 3, Insightful

      Do people under 21 even know what a phone number is?

      --
      #DeleteFacebook
    2. Re:Call this number... by Anonymous Coward · · Score: 2, Funny

      Sure they do, it's that weird-ass code you have to enter into your phone the first time you want to contact somebody.

    3. Re:Call this number... by omnichad · · Score: 4, Funny

      Oh, you mean their SMS ID.

    4. Re:Call this number... by __aaclcg7560 · · Score: 1

      If they don't and dial the number, they will get an explicit education.

    5. Re:Call this number... by Anonymous Coward · · Score: 0

      Another coherent and on-point reply from creimer.

    6. Re:Call this number... by __aaclcg7560 · · Score: 1

      > Another coherent and on-point reply from creimer.

      Thank you!

    7. Re:Call this number... by baegucb · · Score: 1

      Having called that number since the 1970s, you do not have to be 21. Just have to figure out weird accents.

    8. Re:Call this number... by haruchai · · Score: 1

      That still works?
      I discovered that during a 2 yr contract job with IBM Global Services more than 10 years ago

      --
      Pain is merely failure leaving the body
    9. Re:Call this number... by __aaclcg7560 · · Score: 1

      > That still works?

      No clue.

      > I discovered that during a 2 yr contract job with IBM Global Services more than 10 years ago

      That was the inside joke when I worked the IBM Help Desk in 2005.

    10. Re:Call this number... by Anonymous Coward · · Score: 0

      > Oh, you mean their SMS ID.

      I remember when I was in high school paying $10/month for a 2 way pager pining for my first cell phone. Now we pay $60/month and really all we need is the two-way paging. Progress!

  3. Health danger by Anonymous Coward · · Score: 0

    And what if some of the users are 64bit intolerant?

    Nobody thinks of the users anymore

    1. Re:Health danger by DontBeAMoran · · Score: 1

      Wrong thread?

      --
      #DeleteFacebook
    2. Re: Health danger by Anonymous Coward · · Score: 0

      I think he's referring to how software is primarily 64-bit these days and "fixes" by companies like I-Bowel-Movement and Micro$oft cater their software and fixes as such.

    3. Re:Health danger by sycodon · · Score: 1

      Is that some form of bigotry?

      --
      When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
    4. Re:Health danger by Aighearach · · Score: 1

      Then good news, flash drives usually have fat32 filesystems.

      But if you plug it into the wrong thread, you're probably p0wned and should destroy the device.

  4. Sure... by Moheeheeko · · Score: 4, Funny
    "accidentally"

    the only accident here is they got caught

    1. Re:Sure... by dougmc · · Score: 1

      You're suggesting that they did this intentionally?

      Certainly not. IBM may be "big evil corporate company" ... but they're not *that* stupid. That said ... they can make mistakes.

  5. so that's why Jeff Smith got fired by turkeydance · · Score: 1

    wondered why

  6. Finally !!! by martiniturbide · · Score: 3, Funny

    IBM is back on the news.

  7. They were very brave by CustomSolvers2 · · Score: 2

    I am all for honesty and companies recognising their mistakes. I also consider myself very honest and good-faith-driven, but don't know if I would have been able to recognise a "mistake" like this.

    1. Food company saying that some drinks might be poisonous. Error.
    2. Food company saying that some drinks might contain ebola. Error + many questions.
    3. Food company saying that some drinks might contain a rare disease which they have created in-house. Seriously?

    --
    Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
    1. Re:They were very brave by GrumpySteen · · Score: 0

      > 3. Food company saying that some drinks might contain a rare disease which they have created in-house. Seriously?

      Are you suggesting that IBM created the Reconyc Trojan that's been circulating in the wild for half a decade? Or are you just demonstrating that you didn't bother reading the article before making blatantly false accusations?

    2. Re:They were very brave by CustomSolvers2 · · Score: 2

      > Are you suggesting that IBM created the Reconyc Trojan that's been circulating in the wild for half a decade? Or are you just demonstrating that you didn't bother reading the article before making blatantly false accusations?

      I am clearly not. This was a funny (at least, this was my intention; some people here have a sense of humour quite different from mine) way to illustrate the differences between having an innocent error, having an error with high negligence and having an error with much more than high negligence (why were they dealing with malware in the products to be sold?). Hopefully, now everything is quite clear.

      --
      Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
    3. Re:They were very brave by CustomSolvers2 · · Score: 1

      PS: your nick, the grumpy part, is descriptive of your personality, right? Would you mind to avoid dealing with me, misinterpret my actions and randomly getting angry with anything I do or say as being related to you at all? There are lots of people here and I am sure that many of them would enjoy all what you deliver, but I don't think that I do. Become my foe if that makes you happy (yesterday, I got my first one!).

      --
      Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
    4. Re:They were very brave by Immerman · · Score: 1

      >why were they dealing with malware in the products to be sold?

      Probably the same reason anyone else deals with it anywhere - they got infected without noticing it right away. And then they created an image to be distributed on new drives (since it seems that pre-installed junkware has become a requirement on flash drives these days) and started production and shipping without first performing a thorough malware scan of the image.

      A depressingly common scenario, but not terribly unexpected considering that companies face basically no backlash for such negligence.

      --
      --- Most topics have many sides worth arguing, allow me to take one opposite you.
    5. Re:They were very brave by CustomSolvers2 · · Score: 1

      I have never worked in a manufacturing environment, but my impression is that random workers freely using the products to be sold is an unlikely scenario. The only logical way for the infection would be via corporate software, from IBM or from a contractor. I also assume that the software is being treated very carefully as far as it is used in many machines and even the slightest problem might become too relevant. Additionally, the whole process is likely to be closely controlled/tracked and all the people/companies involved are completely aware of that (who would consciously take the risk of infecting the machines by knowing that they will probably get caught?).

      I might be overlooking many things but my impression is that having any piece of malware near a ready-to-be-sold unit is beyond standard negligence, because it implies mistakes at different levels. I am not trying to attack IBM, but just to justify why I found the announcement so brave; not the kind of thing that a big company usually does.

      --
      Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
    6. Re:They were very brave by Aighearach · · Score: 1

      If you ever eat food sold by a company, you should probably become aware of the existence of recalls and what the dangers of eating recalled food might be.

    7. Re:They were very brave by CustomSolvers2 · · Score: 1

      What you say is evident and there is nothing in my post saying otherwise. I was plainly highlighting what I considered beyond gross negligence and the fact that I found it kind of curious that a company was openly recognising it. No criticism, no attack, no complaint, no doubts on any front; just a mere humorous and in-principle-easier-for-everyone-to-understand observation, which has been proven as more confusing and misunderstanding-prone than what I was expecting.

      --
      Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
    8. Re: They were very brave by Anonymous Coward · · Score: 1

      Brave my ass. They were called out.
      This isn't even the first time. They handed out infected USB drives at a damn security convention in 2013.

    9. Re: They were very brave by CustomSolvers2 · · Score: 1

      > Brave my ass. They were called out.

      This sounds much more like the typical behaviour of a company. I didn't read the article. IBM voluntarily recognising something like that sounded too weird, but what can I say? In case of doubt, I prefer to think that someone might have acted with good faith.

      --
      Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
    10. Re:They were very brave by Immerman · · Score: 1

      I didn't mean to suggest that the end products were individually infected - rather that the person creating the image that would be copied onto all the end products was infected, and proceeded to accidentally infect the "master copy". Or alternately, the master copy might have been infected at any point between the original creation and final deployment.

      I agree it seems considerably worse than standard negligence - nobody much cares if your desktop gets infected, just a nuisance for the IT department to clean up on the next sweep, but you'd really hope that security would be a lot tighter around something about to be mass produced. And it probably would be if the producing company bore any substantial risk - but they don't. As in this case, there's not even a proper product recall - just "destroy it or follow these cleaning instructions yourself", with an unstated "we already have your money and don't really care". No expense other than a temporary ding on their reputation. Hardly an incentive to do better.

      --
      --- Most topics have many sides worth arguing, allow me to take one opposite you.
    11. Re: They were very brave by Immerman · · Score: 1

      A valiant and generous position. Also rather naive when you're talking about corporations.

      --
      --- Most topics have many sides worth arguing, allow me to take one opposite you.
    12. Re:They were very brave by CustomSolvers2 · · Score: 1

      > No expense other than a temporary ding on their reputation

      For a company like IBM, mainly nowadays, reputation is a lot, almost everything. In fact, knowing that the company was IBM had a notable contribution to my initial surprise.

      --
      Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
    13. Re:They were very brave by Anonymous Coward · · Score: 0

      4. Liquor store recalling a product because it contains too much alcohol.
      You want me to give you back the liquor I purchased because it has a higher concentration of alcohol? You're *hic* funny.

  8. 3rd party factory in china likely had the image lo by Joe_Dragon · · Score: 2, Interesting

    3rd party factory in china likely had the image loading system that had a malware infection on it.

  9. Big deal by 110010001000 · · Score: 4, Funny

    Big deal, Microsoft has been shipping malware for decades.

    1. Re:Big deal by Anonymous Coward · · Score: 1

      At least this wasn't at a security conference, like the last time IBM pawned off malware thumb drives:
      https://www.forbes.com/sites/firewall/2010/05/21/ibm-distributes-malware-infected-usb-sticks-at-security-conference/#5ba3ec78250d

      Seriously though, they need to get their vendors looked at or simply distribute online only.

    2. Re:Big deal by Anonymous Coward · · Score: 0

      > Big deal, Microsoft has been shipping malware for decades.

      Yeah, but MS usually doesn't admit it and recommend that customers destroy what they've bought. IBM's action is more businesslike: sorry, we sent you something that will mess you up; please destroy it and we'll replace it. MS is more likely to just abandon it and leave the customers on the hook forever.

  10. calls cost $2.99 first minute and $1.50 each by Joe_Dragon · · Score: 1

    calls cost $2.99 first minute and $1.50 each additional minute. Even if you are on hold or get a busy signal

    1. Re:calls cost $2.99 first minute and $1.50 each by baegucb · · Score: 1

      Actually, no. You get a phone tree if you call. If you have a support contract, you are not charged (I get frequent calls from the IBM national support manager when something calls home).

      No support contract, last I heard around 2001, it was provide a credit card number and $500 an hour.

      Try it if you don't believe me.

  11. border by Anonymous Coward · · Score: 1

    I suggest carrying that USB when traveling.
    When TSA agents hassle you to surrender your data, give them this USB and insist that they look into what's inside.

    1. Re:border by Z80a · · Score: 1

      If you insist to em to look, they will not because they will suspect.
      Now if you insist to NOT look, like "it's just family pictures" etc., then they will freaking look at it.

  12. Anyone under 40.. by gosand · · Score: 1

    Does anyone under 40 know what SMS is?

    --
    My beliefs do not require that you agree with them.

  13. Watson did it! by martin_dk · · Score: 1

    In an attempt to escape internal firewalls Watson deploys malware infected USB drives to IBM clients.

  14. Unmap by Anonymous Coward · · Score: 0

    Can we VAAI unmap these USB Sticks to remove the infection?