Large companies tend to have much longer deployment life cycles. So, they don’t like to take chances with mission-critical infrastructure. They demand high reliability and short service times. One thing consumers and enterprise customers do have in common, however, is that shipping them malware is a really bad idea.
Last week, IBM announced that it had accidentally distributed malware to some of its Storwize customers via a USB drive. Storwize the next generation software defined storage will evolve from proprietary services into a platform. This will continue to provide core data services like volume management, snapshots, data tiering but at the same time be open to additions from independent third-party solutions. The drive contains an Initialization Tool from IBM for installing legitimate Storwize software. Affected models include:
Models Effected by Malware
IBM Storwize V3500 – 2071 models 02A and 10A, V3700 – 2072 models 12C, 24C and 2DC, Storwize V5000 – 2077 models 12C and 24C, Storwize V5000 – 2078 models 12C and 24C
If your Storwize system serial number starts with 78D2, your system is not affected.
The malicious file copied to a temporary file on your Windows, Mac, or Linux system as part of the Initialization Tool launch process. Once copied to your system, however, the file doesn’t seem to actually do anything. It’s not exactly a ticking time bomb, but there’s a matter of pride here. Distributing malware to paying enterprise customers is a bad idea no matter if the malware actually executes or not. But particularly when ransomware has become such a hot business commodity and budding growth market.
Infected disk drives reportedly look like the one pictured above. If your antivirus hasn’t picked up the infection, you can delete the base directory by navigating to the following:
On Windows systems: %TMP%\initTool
On Linux and Mac systems: /tmp/initTool
Destroy, flash drive entirely so it cannot be reused or delete the folder called “InitTool” on the USB drive before downloading a new initialization tool from the aptly named FixCentral.
Vice reached out to IBM for information on how the malware wound up on their enterprise system software distribution tools. It may have been a downloader that doesn’t run properly and therefore is of little threat in and of itself. Information on how its detected by various antivirus applications, and additional product details can be found at IBM’s support bulletin.