
Big mistake by Big Blue: Storwize initialisation USBs had malware

The IBM arrays are okay, but the PC you used to set up the array might be in trouble

By Richard Chirgwin, 30 Apr 2017

Big Blue is red-faced after shipping malware-infected initialisation USBs for its Storwize disk racks.

The company is therefore strongly suggesting users "Securely destroy the USB flash drive so that it can not be reused." Either that or wipe it, disinfect anything it touched and cross your fingers. Then download the files you need and start again.

The trojan in question goes by various names. Kaspersky's description says it's a dropper that installs itself in a temporary folder and, on execution, downloads other malware.

[Image: IBM's dodgy USB. Caption: If your Storwize config USB matches this, kill it with fire]

The dodgy USBs have the part number 01AC585, and may have shipped with the Storwize V3500 model 2071 01A and 10A; V3500 model 2072 12C, 24C and 2DC; V5000 model 2077 12C and 24C; and V5000 model 2078 12C and 24C.

The malware didn't land on the storage systems themselves, but rather on the laptop or desktop used to configure them: “the malicious file is copied with the initialization tool to the following temporary folder:

On Windows systems: %TMP%\initTool

On Linux and Mac systems: /tmp/initTool”.

Affected users need to run their anti-virus (there's a list of anti-virus software that detects it in IBM's post), and make sure the temporary directories are deleted. ®
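The folder check described above, as an added example that is not part of the original article or IBM's advisory: this Python script looks for the `initTool` folder in the two locations quoted, records a SHA-256 inventory of its contents for the anti-virus scan and incident record, and deletes the folder only when asked. The function names and the `--remove` flag are hypothetical.

```python
import hashlib
import os
import shutil
import sys
from pathlib import Path

FOLDER_NAME = "initTool"  # folder name quoted from IBM's advisory in the article

def candidate_dirs(env=None, platform=None):
    """Return the temp-folder paths named in the article for this platform."""
    env = os.environ if env is None else env
    platform = sys.platform if platform is None else platform
    # %TMP% on Windows, /tmp on Linux and Mac, as stated in the advisory text.
    roots = [env.get("TMP")] if platform.startswith("win") else ["/tmp"]
    return [Path(r) / FOLDER_NAME for r in roots if r]

def inventory(folder):
    """List (relative path, size, SHA-256) for every regular file in folder."""
    rows = []
    for p in sorted(Path(folder).rglob("*")):
        if p.is_file() and not p.is_symlink():
            digest = hashlib.sha256(p.read_bytes()).hexdigest()
            rows.append((p.relative_to(folder).as_posix(), p.stat().st_size, digest))
    return rows

def triage(dirs, remove=False):
    """Return {folder: inventory} for each folder found; delete only if remove."""
    found = {}
    for d in dirs:
        if d.is_dir() and not d.is_symlink():
            found[str(d)] = inventory(d)  # record hashes before anything is deleted
            if remove:
                shutil.rmtree(d)
    return found

if __name__ == "__main__":
    hits = triage(candidate_dirs(), remove="--remove" in sys.argv[1:])
    for folder, rows in hits.items():
        print(f"FOUND {folder}")
        for name, size, digest in rows:
            print(f"  {digest}  {size:>10}  {name}")
    if not hits:
        print("No initTool folder found in the temp locations checked.")
    sys.exit(1 if hits else 0)  # non-zero exit lets fleet tooling flag the host
```

A hit means the initialisation tool was run from a USB on that machine, not that the dropper executed, so the anti-virus scan is still needed either way.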
