IBM Admits It Sent Malware-infected USB Sticks To Customers (techrepublic.com)

← Back to Stories (view on slashdot.org)

IBM Admits It Sent Malware-infected USB Sticks To Customers (techrepublic.com)

Posted by msmash on Wednesday May 3, 2017 @03:20AM from the stranger-things dept.

IBM accidentally shipped USB drives infected with malware to some customers, the company noted in a support advisory post. The drives contained an initialization tool for some of its Storwize systems, the post stated. From a report: IBM customers who received a USB flash drive with the part number 01AC585 should either destroy the drive so that it cannot be reused, the post said, or follow the steps listed in the post to repair the drive. Affected drives were shipped with the following Storwize systems: IBM Storwize V3500 - 2071 models 02A and 10A, IBM Storwize V3700 - 2072 models 12C, 24C, and 2DC, IBM Storwize V5000 - 2077 models 12C and 24C, IBM Storwize V5000 - 2078 models 12C and 24C.

50 comments

Min score:

Reason:

Sort:

Storwize? by Viol8 · 2017-05-03 03:26 · Score: 5, Funny

Is it just me or does that sound like a malware name anyway?
1. Re:Storwize? by Anonymous Coward · 2017-05-03 03:59 · Score: 2, Funny
  
  Is it just me or does that sound like a malware name anyway?
  Big jar of yellow liquid...
2. Re:Storwize? by Anonymous Coward · 2017-05-03 04:00 · Score: -1
  
  I slowly opened my eyes, seeing the sunrise out in the distance over the snowy mountains. My senses were coming back to me as I began to feel the furry blanket rub against my skin. The fresh scent of pine trees was carried into the room by a blizzard that was brewing. The cold air flowed into the room like a steady rush of water. The howling of the wind grew louder, but then it was silenced, and the cave began to heat up again. I looked over to see that the entrance had been sealed off by a large metal door. I didn't worry about it too much, in fact, I was kind of hoping for something like this, but I didn't know why. Probably because if someone found this, it would take a lot of explaining.
  I let my hands explore the bed, letting my fingers run through the soft fur. My left hand moved up onto a furry bump and began to rub it gently. I looked over to my left to see Snowi on her stomach, smiling with her eyes closed. I scooted over next to her, letting one hand rub her bubbly ass. She slowly opened her eyes and gazed into mine. She gave out a light sigh as I continued to massage her ass. She positioned herself onto her side, and pulled me into a long, deep kiss. Her tongue played with mine, as we probed each other's mouths. I continued to rub her ass as she moaned into my mouth, pressing her tits to my chest.
  After a minute or so, our lips parted. She looked at me with a serious attitude.
  "John" she said with a sexy tone.
  "Yes?" I responded.
  "Will you be my slave?" She said as her soft emerald eyes stared at mine.
  "Yes" I answered. She smiled, and continued to kiss me. After about five minutes of kissing and spooning, she pushed my head down into her breasts.
  I rested my head in her massive tits. They were so soft and cozy with her layer of fur. She flipped over onto her back and held a juicy melon for me to suck on. I gladly accepted it, and wrapped my mouth around her fat, pink nipple. I held her huge, natural boob up to my face as I began to lick and tease her nipple. I squeezed her other tit, and instantly breast milk squirted out. I took her entire nipple into my mouth, drinking her milk. She moaned loudly as I squeezed her other breast. She wrapped her arms around me as she moaned, pressing my head into her melons. My face was covered in her milk as she let her hold on me loosen.
  Again, she pushed my head farther down, I smiled.
  She crossed her legs around my head and squeezed my head with her thighs. I teased her pussy lips with my tongue as she moaned loudly, arching her back while I darted my tongue in and out of her wet and tight vagina. I stuck my tongue deep into her pussy, swirling it around. She nearly screamed as I fucked her pussy with my tongue. Her grip around my head tightened, forcing my face to press into her crotch. I kissed her lips, then she loosened her hold on me, allowing me to roll over on my back with a mix of her breast milk and pussy juice on my face.
  She laid there panting like a tired dog, looking at me intently.
  "I'll be right back, stay put," She said as she ran into one of the doors on the sides of the cave. I watched her large bubbly ass bounce as she jogged away from me. It was probably the largest I've ever seen.
  After a few moments later, I heard the door open. I was lying down on my back in the center of the bed, eyes closed, waiting for what ever Snowi had in store for me.
  She walked over to me, not saying anything, and took my right arm first and handcuffed my wrist to the legs of the bed. Then my left wrist was locked in, then my legs. I opened my eyes to see Snowi above me, staring at my cock with hungry eyes. She positioned herself over me, with her ass pointed at my face. She lowered her pussy onto my dick, slowly beginning to bounce on my manhood. Her hypnotizing ass smacked onto my crotch each time she went up and down. I tried to thrust my dick as far as I could into her as she came down, making her moan loudly. She leaned forward, only moving her ass as it bounced. She looked back at me, smil
3. Re:Storwize? by Anonymous Coward · 2017-05-03 05:10 · Score: 0
  
  > wtfamireading.jpg
4. Re:Storwize? by imadeyoureadpoop · 2017-05-03 20:05 · Score: 1
  
  > wtfamireading.jpg
  *wtfamimasturbatingto.gif
  
  --
  Hanlon's Razor -- Never attribute to malice that which is adequately explained by stupidity.
Call this number... by __aaclcg7560 · 2017-05-03 03:28 · Score: 2

If you need help, call 1-800-IBM-HELP.
Note: You must be 21 years old or older to use phone number.
1. Re:Call this number... by DontBeAMoran · 2017-05-03 03:49 · Score: 3, Insightful
  
  Do people under 21 even know what a phone number is?
  
  --
  #DeleteFacebook
2. Re:Call this number... by Anonymous Coward · 2017-05-03 03:53 · Score: 2, Funny
  
  sure they do, its that weird ass code you have to enter into your phone the first time you want to contact somebody.
3. Re:Call this number... by omnichad · 2017-05-03 04:16 · Score: 4, Funny
  
  Oh, you mean their SMS ID.
4. Re:Call this number... by __aaclcg7560 · 2017-05-03 04:18 · Score: 1
  
  If they don't and dial number, they will get an explicit education.
5. Re:Call this number... by Anonymous Coward · 2017-05-03 04:44 · Score: 0
  
  Another coherent and on-point reply from creimer.
6. Re:Call this number... by __aaclcg7560 · 2017-05-03 04:58 · Score: 1
  
  Another coherent and on-point reply from creimer.
  Thank you!
7. Re:Call this number... by baegucb · 2017-05-03 09:33 · Score: 1
  
  Having called that number since the 1970s, you do not have to be 21. Just have to figure out weird accents.
8. Re:Call this number... by haruchai · 2017-05-03 11:24 · Score: 1
  
  That still works?
  I discovered that during a 2 yr contract job with IBM Global Services more than 10 years ago
  
  --
  Pain is merely failure leaving the body
9. Re:Call this number... by __aaclcg7560 · 2017-05-03 12:23 · Score: 1
  
  That still works?
  No clue.
  
  I discovered that during a 2 yr contract job with IBM Global Services more than 10 years ago
  That was the inside joke when I worked the IBM Help Desk in 2005.
10. Re:Call this number... by Anonymous Coward · 2017-05-03 16:09 · Score: 0
  
  Oh, you mean their SMS ID.
  I remember when I was in high school paying $10/month for a 2 way pager pining for my first cell phone. Now we pay $60/month and really all we need is the two-way paging. Progress!
Health danger by Anonymous Coward · 2017-05-03 03:34 · Score: 0

And what if some of the users are 64bit intolerant?
Nobody thinks in the users anymore
1. Re:Health danger by DontBeAMoran · 2017-05-03 03:51 · Score: 1
  
  Wrong thread?
  
  --
  #DeleteFacebook
2. Re: Health danger by Anonymous Coward · 2017-05-03 04:59 · Score: 0
  
  I think he's referring to how software is primarily 64-bit these days and "fixes" by companies like I-Bowel-Movement and Micro$oft cater thier software and fixes as such.
3. Re:Health danger by sycodon · 2017-05-03 06:21 · Score: 1
  
  Is that some form of bigotry?
  
  --
  When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
4. Re:Health danger by Aighearach · 2017-05-03 07:26 · Score: 1
  
  Then good news, flash drives usually have fat32 filesystems.
  But if you plug it into the wrong thread, you're probably p0wned and should destroy the device.
Sure... by Moheeheeko · 2017-05-03 03:48 · Score: 4, Funny

"accidentally"
the only accident here is they got caught
1. Re:Sure... by dougmc · 2017-05-03 16:02 · Score: 1
  
  You're suggesting that they did this intentionally?
  Certainly not. IBM may be "big evil corporate company" ... but they're not *that* stupid. That said ... they can make mistakes.
so that's why Jeff Smith got fired by turkeydance · 2017-05-03 04:10 · Score: 1

wondered why
Finally !!! by martiniturbide · 2017-05-03 04:24 · Score: 3, Funny

IBM is back on the news.
They were very brave by CustomSolvers2 · 2017-05-03 04:27 · Score: 2

I am all for honesty and companies recognising their mistakes. I also consider myself very honest and good-faith-driven, but don't know if I would have been able to recognise a "mistake" like this.

1. Food company saying that some drinks might be poisonous. Error.
2. Food company saying that some drinks might contain ebola. Error + many questions.
3. Food company saying that some drinks might contain a rare disease which they have created in-house. Seriously?

--
Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
1. Re:They were very brave by GrumpySteen · 2017-05-03 04:57 · Score: 0
  
  3. Food company saying that some drinks might contain a rare disease which they have created in-house. Seriously?
  Are you suggesting that IBM created the Reconyc Trojan that's been circulating in the wild for half a decade? Or are you just demonstrating that you didn't bother reading the article before making blatantly false accusations?
2. Re:They were very brave by CustomSolvers2 · 2017-05-03 05:18 · Score: 2
  
  Are you suggesting that IBM created the Reconyc Trojan that's been circulating in the wild for half a decade? Or are you just demonstrating that you didn't bother reading the article before making blatantly false accusations?
  I am clearly not. This was a funny (at least, this was my intention; some people here have a quite different than me sense of humour) way to illustrate the differences between having an innocent error, having an error with high negligence and having an error with much more than high negligence (why were they dealing with malware in the products to be sold?). Hopefully, now everything is quite clear.
  
  --
  Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
3. Re:They were very brave by CustomSolvers2 · 2017-05-03 05:27 · Score: 1
  
  PS: your nick, the grumpy part, is descriptive of your personality, right? Would you mind to avoid dealing with me, misinterpret my actions and randomly getting angry with anything I do or say as being related to you at all? There are lots of people here and I am sure that many of them would enjoy all what you deliver, but I don't think that I do. Become my foe if that makes you happy (yesterday, I got my first one!).
  
  --
  Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
4. Re:They were very brave by Immerman · 2017-05-03 06:10 · Score: 1
  
  >why were they dealing with malware in the products to be sold?
  Probably the same reason anyone else deals with it anywhere - they got infected without noticing it right away. And then they created an image to be distributed on new drives (since it seems that pre-installed junkware has become a requirement on flash drives these days) and started production and shipping without first performing a thorough malware scan of the image.
  A depressingly common scenario, but not terribly unexpected considering that companies face basically no backlash for such negligence.
  
  --
  --- Most topics have many sides worth arguing, allow me to take one opposite you.
5. Re:They were very brave by CustomSolvers2 · 2017-05-03 06:41 · Score: 1
  
  I have never worked on a manufacturing environment, but my impression is that random workers freely using the products to be sold is an unlikely scenario. The only logical way for the infection would be via corporate software, from IBM or from a contractor. I also assume that the software is being treated very carefully as far as it is used in many machines and even the slightest problem might become too relevant. Additionally, the whole process is likely to be closely controlled/tracked and all the people/companies involved are completely aware of that (who would consciously take the risk of infecting the machines by knowing that they will probably get caught?).
  
  I might be overlooking many things but my impression is that having any piece of malware near a ready-to-be-sold unit is beyond standard negligence, because it implies mistakes at different levels. I am not trying to attack IBM, but just to justify why I found the announcement so brave; not the kind of thing that a big company usually does.
  
  --
  Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
6. Re:They were very brave by Aighearach · 2017-05-03 07:27 · Score: 1
  
  If you ever eat food sold by a company, you should probably become aware of the existence of recalls and what the dangers of eating recalled food might be.
7. Re:They were very brave by CustomSolvers2 · 2017-05-03 07:48 · Score: 1
  
  What you say is evident and there is nothing in my post saying otherwise. I was plainly highlighting what I considered beyond gross negligence and the fact that I found kind of curious that a company was openly recognising it. No critic, no attack, no complain, no doubts on any front; just a mere humorous and in-principle-easier-for-everyone-to-understand observation, which has been proven as more confusing and misunderstanding-prone than what I was expecting.
  
  --
  Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
8. Re: They were very brave by Anonymous Coward · 2017-05-03 08:26 · Score: 1
  
  Brave my ass. They were called out.
  This isn't even the first time. They handed out infected USB drives at a damn security convention in 2013.
9. Re: They were very brave by CustomSolvers2 · 2017-05-03 08:42 · Score: 1
  
  Brave my ass. They were called out.
  This sounds much more like the typical behaviour of a company. I didn't read the article. IBM voluntarily recognising something like that sounded too weird, but what can I say? In case of doubt, I prefer to think that someone might have acted with good faith.
  
  --
  Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
10. Re:They were very brave by Immerman · 2017-05-03 11:34 · Score: 1
  
  I didn't mean to suggest that the end products were individually infected - rather that the person creating the image that would be copied onto all the end products was infected, and proceeded to accidentally infect the "master copy". Or alternately, the master copy might have been infected at any point between the original creation and final deployment.
  I agree it seems considerably worse than standard negligence - nobody much cares if your desktop gets infected, just a nuisance for the IT department to clean up on the next sweep, but you'd really hope that security would be a lot tighter around something about to be mass produced. And it probably would be if the producing company bore any substantial risk - but they don't. As in this case, there's not even a proper product recall - just "destroy it or follow these cleaning instructions yourself", with an unstated "we already have your money and don't really care". No expense other than a temporary ding on their reputation. Hardly an incentive to do better.
  
  --
  --- Most topics have many sides worth arguing, allow me to take one opposite you.
11. Re: They were very brave by Immerman · 2017-05-03 11:35 · Score: 1
  
  A valiant and generous position. Also rather naive when you're talking about corporations.
  
  --
  --- Most topics have many sides worth arguing, allow me to take one opposite you.
12. Re:They were very brave by CustomSolvers2 · 2017-05-03 19:31 · Score: 1
  
  No expense other than a temporary ding on their reputation
  For a company like IBM, mainly nowadays, reputation is a lot, almost everything. In fact, knowing that the company was IBM had a notable contribution to my initial surprise.
  
  --
  Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
13. Re:They were very brave by Anonymous Coward · 2017-05-04 01:23 · Score: 0
  
  4. Liquor store recalling a product because it contains too much alcohol.
  You want me to give you back the liquor I purchased because it has a higher concentration of alcohol? You're *hic* funny.
3rd party factory in china likely had the image lo by Joe_Dragon · 2017-05-03 04:31 · Score: 2, Interesting

3rd party factory in china likely had the image loading system that had an malware infection on it.
Big deal by 110010001000 · 2017-05-03 04:31 · Score: 4, Funny

Big deal, Microsoft has been shipping malware for decades.
1. Re:Big deal by Anonymous Coward · 2017-05-03 05:40 · Score: 1
  
  At least this wasn't at a security conference, like the last time IBM pawned off malware thumb drives:
  https://www.forbes.com/sites/firewall/2010/05/21/ibm-distributes-malware-infected-usb-sticks-at-security-conference/#5ba3ec78250d
  Seriously though, they need to get their vendors looked at or simply distribute online only.
2. Re:Big deal by Anonymous Coward · 2017-05-03 13:40 · Score: 0
  
  > Big deal, Microsoft has been shipping malware for decades.
  Yeah, but MS usually doesn't admit it and recommend that customers destroy what they've bought. IBM's action is more businesslike: sorry, we sent you something that will mess you up; please destroy it and we'll replace it. MS is more likely to just abandon it and leave the customers on the hook forever.
calls cost $2.99 first minute and $1.50 each by Joe_Dragon · 2017-05-03 04:34 · Score: 1

calls cost $2.99 first minute and $1.50 each additional minute. Even if you are on hold or get an busy signal
1. Re:calls cost $2.99 first minute and $1.50 each by baegucb · 2017-05-03 09:37 · Score: 1
  
  Actually, no. You get a phone tree if you call. If you have a support contract, you are not charged (I get frequent calls from the IBM national support manager when something calls home).
  No support contract, last I heard around 2001, it was provide a credit card number and $500 an hour.
  Try it if you don't believe me.
border by Anonymous Coward · 2017-05-03 09:17 · Score: 1

I suggest carrying that USB when traveling.
When TSA agents hassle you to surrender your data, give them this USB and insist that the look into what's inside.
1. Re:border by Z80a · 2017-05-03 14:48 · Score: 1
  
  If you insist to em to look, they will not because they will suspect.
  Now if you insist to NOT look, like "it's just family pictures" etc.. then they will freaking look it.
Anyone under 40.. by gosand · 2017-05-03 09:57 · Score: 1

Does anyone under 40 know what SMS is?

--

My beliefs do not require that you agree with them.
Watson did it! by martin_dk · 2017-05-03 21:16 · Score: 1

In an attempt to escape internal firewalls Watson deploys malware infected USB drives to IBM clients.
Unmap by Anonymous Coward · 2017-05-05 04:32 · Score: 0

Can we VAAI unmap theses USB Sticks to remove the infection?