[ISN] IBM red-faced after handing out USB drives stuffed with malware

From: InfoSec News <alerts_at_private>
Date: Mon, 24 May 2010 00:26:30 -0500 (CDT)
http://news.techworld.com/security/3224283/ibm-red-faced-after-handing-out-usb-drives-stuffed-with-malware/

By Maxwell Cooter 
Techworld
21 May 10

You might get more than you bargained for if you attend a security 
conference. IBM shocked delegates at the Australian AusCERT conference 
in Queensland by handing out USB sticks infected with malware.

The company was forced to write to delegates apologising for its error. 
"At the AusCERT conference this week, you may have collected a 
complimentary USB key from the IBM booth. Unfortunately we have 
discovered that some of these USB keys contained malware and we suspect 
that all USB keys may be affected."

It was actually worse than IBM intimated. To make it doubly 
embarrassing, according to security company Sophos, the company included 
two examples of malware: W32/LibHack-A. and W32/Agent-FWF.

Sophos's senior technology consultant, Graham Cluley had a guess how the 
error occurred. "My guess is that they didn't check the USB sticks 
before handing them out. Maybe they out-sourced the creation of the USB 
content to a third party, and they weren't careful enough. After all, if 
an infected PC was used to create the "image" of the USB drive then it 
would have been easy for that disk image to be infected and copied onto 
every USB stick they handed out."

[...]


_______________________________________________
Best Selling Security Books and More!
Shop InfoSec News
http://www.shopinfosecnews.org/ 
Received on Sun May 23 2010 - 22:26:30 PDT

This archive was generated by hypermail 2.2.0 : Sun May 23 2010 - 22:32:00 PDT