Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

IBM Distributes USB Malware At Security Conference

kdawson posted more than 4 years ago | from the just-testing-ya dept.

IBM 73

bennyboy64 and other readers let us know that IBM sent out an email to all attendees to the Australian Computer Emergency Response Team (AusCERT) 2010 conference, warning them that some of the USB drives handed out to delegates contained malware. Fortunately it was old malware, which all anti-virus products have detected since 2008. Two years ago telecommunications company Telstra distributed malware-infected USB drives at the same conference.

Sorry! There are no comments related to the filter you selected.

Old malware.... (4, Funny)

Rotten (8785) | more than 4 years ago | (#32291660)

IBM old malware is......OS/2?

I think BSD acronym needs a change (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32291676)

Due to the ever dwindling usage of the BSDs and the ever increasing rabid foaming of the mouth of its users in response to this, I suggest we remake the BSD acronym from the Berkeley Software Distribution to the Butthurt Suckers Distribution. Anyone else in agreement?

Re:Old malware.... (5, Funny)

Opportunist (166417) | more than 4 years ago | (#32292138)

OS/2 was not malware. Malware is unobstrusive, runs usually pretty well with Windows, only occasionally slows down the system and is usually also well maintained.

Stop badmouthing malware, please.

Re:Old malware.... (2)

NervousWreck (1399445) | more than 4 years ago | (#32292386)

Ah, so Vista isn't malware either? Shucks, I can't use one of my favorite lines on friends who ask me for help.

Re:Old malware.... (1)

Opportunist (166417) | more than 4 years ago | (#32299800)

No, Vista is a bug. Or a glitch, depends.

Re:Old malware.... (1)

Anonymous Coward | more than 4 years ago | (#32293484)

Stop badmouthing OS/2. It was far superior to Windows (its only downfall was lack of Windows 95 app compatibility and hardware compatibility).

Wow... (5, Funny)

wandazulu (265281) | more than 4 years ago | (#32291678)

...I didn't realize they'd been able to squeeze Lotus Notes onto a USB drive.

Re:Wow... (0)

Anonymous Coward | more than 4 years ago | (#32292130)

...I didn't realize they'd been able to squeeze Lotus Notes onto a USB drive.

USB drives are getting bigger all the time and Blotus Notes is getting smaller...well Market Share wise that is!

Re:Wow... (1)

Hurricane78 (562437) | more than 4 years ago | (#32292898)

To be honest, it was a new experimental USB stick, 1TB of size.
So the installer did barely fit on it. The installer that you needed to download the actual data, of course.

wtf? (3, Insightful)

Pojut (1027544) | more than 4 years ago | (#32291690)

Seriously. Come on IBM. You're one of the biggest names in the industry, you hold thousands of patents...and you can't ensure you give devices that have already been secured to conference goers? ::obligatory::

We can go to the moon...

Re:wtf? (0)

Anonymous Coward | more than 4 years ago | (#32291702)

Odds are that the USB drives have been sitting in a box for a year or so in the back corner of someone's Research Triangle Park office.

Re:wtf? (0, Troll)

LOLLinux (1682094) | more than 4 years ago | (#32291714)

Or kdawson has been using them as buttplugs.

Re:wtf? (1)

Lunix Nutcase (1092239) | more than 4 years ago | (#32291780)

And they don't scan them for viruses and malware before handing them out?

Re:wtf? (2, Insightful)

alfredos (1694270) | more than 4 years ago | (#32292082)

While I won't justify IBM's goof, it's fair to say that slips like this happen. What can you do about it? Set up a procedure so that everything going out the door has to pass certain checks? I dare say that the solution would be much worse than the problem.

Besides, it makes for a nice Slashdot discussion with jokes and all.

Re:wtf? (0)

Anonymous Coward | more than 4 years ago | (#32291792)

We can go to the moon...

AFAIK, currently we can not ...

Re:wtf? (1)

Pojut (1027544) | more than 4 years ago | (#32291850)

Thanks for that. Nothing like a healthy dose of depression on Friday :/

Re:wtf? (0)

Anonymous Coward | more than 4 years ago | (#32295710)

Thanks for that. Nothing like a healthy dose of depression on Friday :/

Try going outside tonight to find a female, even though they may be even further out of your league. There are no Amazon Women on the Moon.

Re:wtf? (2, Insightful)

jamesh (87723) | more than 4 years ago | (#32291858)

Seriously. Come on IBM. You're one of the biggest names in the industry, you hold thousands of patents...and you can't ensure you give devices that have already been secured to conference goers?

My first assumption (without RTFA) is that they would have outsourced it.

Re:wtf? (4, Informative)

JamesP (688957) | more than 4 years ago | (#32291872)

No, I'd say:

It's a security conference, if you can't handle a USB drive with a (Windows program) virus you shouldn't be there.

Re:wtf? (1)

Opportunist (166417) | more than 4 years ago | (#32292162)

A shuddering thought just hit me. This was a security conference, and of course a USB key containing malware is easily and immediately spotted, dissected, squished and laughed off.

Not let's imagine this was a markedroid conference... And, extrapolated, what happens at such cons where markedroids and other suits congregate without a clued person within a hundred miles?

Re:wtf? (1)

Farmer Tim (530755) | more than 4 years ago | (#32294134)

So it's really just a way of keeping the attendees entertained? See, IBM really does care...

Re:wtf? (1)

aldld (1663705) | more than 4 years ago | (#32301304)

Or maybe it just means that you need to be there.

Re:wtf? (1)

Yvanhoe (564877) | more than 4 years ago | (#32291964)

MArketing and PR are probably the only department handled by computers running under Windows. Which is obviously a bad move...

Re:wtf? (2, Interesting)

dnahelicase (1594971) | more than 4 years ago | (#32293280)

was it an accident? A good friend of mine works for a defense contractor and they used to do this as part of a security audit. Every once in a while they would just drop USB keys in the parking lot and then notify everyone that had a computer that got infected by it after a few days.

My biggest concern would be IT security guys that will stick a generic USB drive in their computer without scanning it first. Shame on anyone that goes to a security conference and trusts the graft to be virus-free.

Re:wtf? (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32293852)

How would you scan a USB drive without first sticking it into a computer?

Re:wtf? (1)

jdgeorge (18767) | more than 4 years ago | (#32294176)

You scan the USB drive by sticking it into a non-Windows computer, or one that doesn't by default execute software installed on the medium.

Yes, you deserve a funny mod instead of an obvious response.

Re:wtf? (1)

Runaway1956 (1322357) | more than 4 years ago | (#32295462)

Heh - GP asked the question that was on my mind, and you gave the obvious answer. Now - it's time we came up with a "Secure USB scanner". Yes, yes, yes, of course it's a gimmick. And, of course, it's gonna be a ripoff. All we have to do is, get a USB cord, terminate it inside a stupid little box with a light that flashes as data transfers, then plug our USB into the box. It will make dummies feel good that they have "securely" scanned their USB before plugging it into a computer.

I smell money - dishonest huckster money, to be sure, but money all the same!!

Re:wtf? (2, Interesting)

tlhIngan (30335) | more than 4 years ago | (#32293938)

My biggest concern would be IT security guys that will stick a generic USB drive in their computer without scanning it first. Shame on anyone that goes to a security conference and trusts the graft to be virus-free.

Which makes it kinda ironic, isn't it? A security conference with virus laden USB keys given out, and a good proportion of participants get infected. If even the security guys (whose job is to prevent such things) can't secure their machines, what hope does Joe Average have?

I suppose the bigger question is - how come this wasn't reported... earlier? Surely someone at that conference must've seen it and disinfected, and saw others and posted something about it before IBM?

Re:wtf? (0)

Anonymous Coward | more than 4 years ago | (#32293416)

Seriously. Come on IBM. You're one of the biggest names in the industry, you hold thousands of patents...and you can't ensure you give devices that have already been secured to conference goers? ::obligatory::

We can go to the moon...

Yeah, but at least they took quick steps to correct the problem and admit the mistake.

Re:wtf? (0)

Anonymous Coward | more than 4 years ago | (#32294086)

There is no such thing as bad publicity.

Re:wtf? (0)

Anonymous Coward | more than 4 years ago | (#32294944)

Perhaps if IBM would allow it's employees to run something more secure than Symantec (which we all know is crap) then perhaps, just maybe, we wouldn't be reading about an incident that ultimately means that an IBM employee has been infected on their production machine. Just maybe.

Nod32 for tha win. ~_^

Re:wtf? (1)

Gilmoure (18428) | more than 4 years ago | (#32298164)

Ricky the intern was just given a box with 500 thumb drives and told to format them.

Re:wtf? (0)

Anonymous Coward | more than 4 years ago | (#32301550)

With budget cuts there are no interns, Outsourced to (place your favorite location here)

Re:wtf? (1)

PassiveAggressive (895773) | more than 4 years ago | (#32334344)

Or at least get some new malware and not that old 2008 crap. Sheesh...

All Anti-virus ? (3, Insightful)

JavaBear (9872) | more than 4 years ago | (#32291878)

If all Anti-virus products have detected this one since 2008 it obviously begs the question, why didn't IBM's?

Re:All Anti-virus ? (3, Informative)

Lunix Nutcase (1092239) | more than 4 years ago | (#32291910)

The "all" was added by the summary writer. In the article the IBM spokesman said "most" anti-virus software.

Wightwick said the malware, which dated to 2008, was detected by most anti-virus products.

"The malware is known by a number of names and is contained in the setup.exe and autorun.ini files.

Re:All Anti-virus ? (1)

JavaBear (9872) | more than 4 years ago | (#32291932)

It would still be nice to know which ones don't :)

Re:All Anti-virus ? (1)

Opportunist (166417) | more than 4 years ago | (#32292190)

The one that boasts "IBM uses our solution" on their homepage. Just look around, I'm sure they wouldn't let that juicy piece of PR opportunity slip.

Re:All Anti-virus ? (1)

Demonantis (1340557) | more than 4 years ago | (#32292752)

If you want to talk serious semantics anything made before 2008 wouldn't detect it. So I would say most anti virus would not(unless the market has exploded since 2008), but the all isn't because the requirement is that they are made after 2008. Bennyboy64 just made corrected the spokes persons mistake.

Re:All Anti-virus ? (1)

saskboy (600063) | more than 4 years ago | (#32296042)

So the question is, which one was IBM using on the computer(s) loading information onto the USB drives?

It's takes 12-24 months for IBM IT to ok updates (4, Funny)

Joe The Dragon (967727) | more than 4 years ago | (#32292052)

It's takes 12-24 months for IBM IT to ok updates

Re:It's takes 12-24 months for IBM IT to ok update (3, Insightful)

EvilIdler (21087) | more than 4 years ago | (#32293190)

The parent post is modded funny, but I'm sure Joe's breaking an NDA! :P

Re:All Anti-virus ? (1)

xelan (1191065) | more than 4 years ago | (#32292382)

As I think back about a decade ago.... I seem to recall IBM offering an anti-virus app. Didn't it get absorbed by Symantec?

Re:All Anti-virus ? (0)

Anonymous Coward | more than 4 years ago | (#32292992)

It prompts the question.

It PROMPTS the fucking question!

(I know this reads like flaming, but you lose a lot of intellectual cred by fucking that one up.)

Re:All Anti-virus ? (0)

Anonymous Coward | more than 4 years ago | (#32293386)

The USB drive was most likely done by India or Argentina. Internal IBM reports show malware infection rates of 50% to 75% for most non-US IBM work locations.

Re:All Anti-virus ? (1)

ViViDboarder (1473973) | more than 4 years ago | (#32293492)

Because IBM doesn't manufacture the drives and they probably didn't plug each one in to test it...

IBM CEO (3, Funny)

dandart (1274360) | more than 4 years ago | (#32291922)

Mwuhahahahaa... destroy them all! That'll show 'em! They should've chosen OUR DOS, and we shouldn't have given them OUR PCs...

Good thing a corporation did it (4, Interesting)

British (51765) | more than 4 years ago | (#32291976)

If some individual did it, they would be in jail for a very long time. Thankfully, a 'corporation' did it, which can blame any # of people internally. Thus, no jail time for IBM. It will probably be handled in a private manner(ie nothing).

Re:Good thing a corporation did it (1, Funny)

Anonymous Coward | more than 4 years ago | (#32292640)

But but but ... the Free Market (TM) ... it will fix itself!

Re:Good thing a corporation did it (1)

bendodge (998616) | more than 4 years ago | (#32293130)

That's stupid. I've never heard of individuals getting in trouble for accidentally distributing viruses. Also, your post is worded in a very sarcastic manner to suggest that all corporations are bad, the capitalists are evil, banking is a sin, etc. Unfortunately, you did not cite anything (except your own strawman) to back up anything, it was all postulation.

As a side note, IANAL, so please do not reply by saying that I do not cite a lack of a law against accidentally giving out dirty flash drives. That's almost as hard as proving a universal negative.

Re:Good thing a corporation did it (0)

Anonymous Coward | more than 4 years ago | (#32295546)

Capitalists would gnaw into the pus filled nutsack of a dead diseased dog, if there were any money in it.

Re:Good thing a corporation did it (1)

Transaction7 (1527003) | more than 4 years ago | (#32305716)

Amen. I'm a retired lawyer who came late to the computer revolution in the eighties and none of my computerliterate friends will teach me to hack into things, write viruses and torgans, etc. and the textbook at the local university is wirtten in type too small for me to read and copy the code, but I have watched as the law got more and more to the point that, to even get exemplary damages against a corportion orLLC, etc., , now prctically always limited to three times your "economic" damages not including many very real elements of injury, loss and damage, you pretty well have to prove that the Board of Directors voted to do it at a duly called board meeting and included this in the minutes, which, of course, never happens, and getting a criminal convictin agianst a corportion is tougher yet and the fines are rounding errors in the financial statements of big corproations like IBM. You never do find out which individuals within these large entities, corporte or government, actually decided to do and did things, so as to even begin to prosecute them, even when it is part of something that cashes not just Wall Street but the real economy and hurts a lot of people. Nobody is really likely to invest the money and manpoer to track this malware exploit to its source and take real action agianst the people and corporation culpable. Another reuslt is that anything that calls itself a business corproation can rip off a million people for several hundred dollars apiece secure in the knowledge that nobody victimized can afford to get thelegla sysetem to call them to account much less put a real dent in their wallet so as to discourage future such behavior. As for our two political parties doing anything about this, both are in bed with the private-sector crooks for money and my nationally known law school dean liked to quote Will Rogers: "Whenever Congress tells a joke, it's a law, and whenever they pass a law, it's a joke." What I can't figure out about these people who write and sprad a lto of malware that doesn't capture data, etc., is what motivates and who pays them to do it?

IBM needs a new supplier... (1)

sir lox elroy (735636) | more than 4 years ago | (#32292194)

Evidently IBM bought up the unused Telestra Flash drives. Or, they have really bad luck.

Opportunity to be had (3, Insightful)

istartedi (132515) | more than 4 years ago | (#32293160)

So many USB sticks come with pre-loaded crapware/malware. In the office we would stick them in Linux machines and format them from there. If you stuck it in a Windows machine without formatting it, you spent the rest of the day auditing your machine and puzzling over what might be left on it.

The OPPORTUNITY is for a company to brand itself based on NOT HAVING CRAP on their sticks. I'm thinking Pure USB would be a nice name for such a product. I know I'd chose that over anything else if they were comparably priced. Don't get greedy and charge a premium for that. Just outsell the competition. I can't believe the kickbacks from crapware authors are that valuable.

Re:Opportunity to be had (3, Informative)

DrBoumBoum (926687) | more than 4 years ago | (#32293702)

Why not simply disable autorun?

Re:Opportunity to be had (1)

couchslug (175151) | more than 4 years ago | (#32294276)

Why give nasties ANY chance to spread?

When I get new or unknown drives I nuke 'em all out of habit. View on safe machine, nuke and pave, done.

Re:Opportunity to be had (1)

istartedi (132515) | more than 4 years ago | (#32295144)

Somebody or some thing (including Windows update) is bound to re-set your settings at some point, and re-enable autorun. Yes, locking your door is a good thing. Moving to a nicer neighborhood *and* locking your door is even better.

Re:Opportunity to be had (1, Informative)

Anonymous Coward | more than 4 years ago | (#32298692)

No, I've disabled autorun on Windows machines since 2000, and it's never been reenabled on any of them.

Re:Opportunity to be had (1)

TerranFury (726743) | more than 4 years ago | (#32295256)

I'm not positive about this, but I think the risk may be larger than just autorun. Isn't there also the "installing drivers" bit that Windows does for some hardware? I get the impression that USB devices are to some extent able to contain their own drivers that Windows will install. IIRC, users are asked for confirmation by a tooltip-bubble from the system tray, but this may not be under all versions of Windows (yes under Vista, no under XP?). I do not know how this is implemented; I'm hoping that someone who has looked more closely at this will respond...

Re:Opportunity to be had (1)

randyleepublic (1286320) | more than 4 years ago | (#32321086)

Microsoft finally admitted that autorun is a vulnerability. Does that mean it is gone from XP SP3? Nope. They want XP to look bad now, so that vista/7 don't look like the crap that they are.

Re:Opportunity to be had (0)

Anonymous Coward | more than 4 years ago | (#32295140)

Is it really that hard to find USB sticks that don't come preloaded with anything? Granted I typically buy the generic ones from microcenter as they're fairly cheap, but I've bought a couple of brand name ones and they've always arrived blank. I'm just not convinced your market isn't already saturated.

Re:Opportunity to be had (1)

Nizumzen (1343335) | more than 4 years ago | (#32303316)

Haha, your signature made me laugh. The phrase is "for all intents and purposes".

Re:Opportunity to be had (1)

ZERO1ZERO (948669) | more than 4 years ago | (#32304260)

Whooooosh!

Get used to IBM sucking (0)

Anonymous Coward | more than 4 years ago | (#32293240)

Expect more and more screw ups from IBM and far less innovation. Sam Palmisano has turned out to be one of the most short sighted CEO's in history. Even in the horrible economy we have had for the last several years he hasn't modified his $10 EPS goal. Now how he can not modify this goal? It isn't because IBM is doing really well while every other company is doing poorly. No Sam has moved every possible service offshore and mostly hired new college grads.

It is really quite amazing how countries like India get cost savings over the US. One thing India is notorious for doing is not obtaining conference numbers to hold meetings, instead they ask their US counterparts to either schedule the calls or just to use the US number. So the charge goes to the US and not to the team really using it. Now what is going to happen when the US based supports drops below a critical level and India is required to fully account for their expenses? Well it is obvious that their costs are going to shoot up.

Another thing is the huge amount of pay cuts that contractors have taken and most only work 32 hours now.

I could go on and on at how intelligent and experienced people are being forced out, but it should be obvious to anyone.

go go CISSP's (0)

Anonymous Coward | more than 4 years ago | (#32293352)

Dont they have those commercials saying they have like 15 million cissp security professionals at the front line of the cyberwar? :: rolls eyes ::

Strike up the band! (1)

Chris Tucker (302549) | more than 4 years ago | (#32294056)

"Botnets, worldwide botnets,
what kind of boxes are on botnets.'

"Compaq, HP, Dell and Sony? True!
Gateway, Packard Bell, maybe even ASUS, too!"

"Are boxes, found on botnets!
All running Windows, FOO!"

Username fail (0)

Anonymous Coward | more than 4 years ago | (#32294438)

Um...I wonder if the poster knows what a bennyboy was when he created his username bennyboy64.

so (1)

SnarfQuest (469614) | more than 4 years ago | (#32294500)

So, is there a better place to distribute malware than a security confrence?

It could be worse... (1)

Rui Lopes (599077) | more than 4 years ago | (#32294850)

... if they had distributed Melware [explosm.net] .

Blame Microsoft for their poorly-designed AUTORUN (1)

CuteSteveJobs (1343851) | more than 4 years ago | (#32300428)

Who is really to blame in this is Microsoft. Some fool of a Microsoftie decided that, by default, whenever media (CDs, USBs) was inserted into a removable drive it should run AUTORUN on that drive. It can be disabled with TweakUI (link below) but you need to be a geek to think to do it and must do it on all your machines (and possibly all accounts on your machines) and if you forget, like I did, once, whamo! You're infected. A virus scanner can help, but they won't catch the latest viruses/horses (which is exactly why cybercrooks keep writing new ones) if you set them to scan all removable drives and you plug in your 1Gb USB HDD you will be in for a long wait. Like the massive security hole that ActiveX became, Microsoft has no foresight. http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx [microsoft.com]

Old virus - new release. (1)

ananthap (971180) | more than 4 years ago | (#32303852)

It seems that IBM is not maintaining malware defintions upto date on the server from which the infected (old) malware was distributed. It is not clear from the writeup "http://www.itnews.com.au/News/175451,ibm-unleashes-virus-on-auscert-delegates.aspx" whether IBM finally reminds the users to re-enable the system restore feature. OK
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?