Managing enterprise deployments isn’t like handling consumer hardware. Large companies tend to have much longer deployment life cycles, they don’t like to take chances with mission-critical infrastructure, and they demand high reliability and short service times. One thing consumers and enterprise customers do have in common, however, is that shipping them malware is a really bad idea.
Last week, IBM announced that it had accidentally distributed malware to some of its Storwize customers via a USB drive. The drive contains an Initialization Tool from IBM for installing legitimate Storwize software. Affected models include:
IBM Storwize V3500 – 2071 models 02A and 10A
IBM Storwize V3700 – 2072 models 12C, 24C and 2DC
IBM Storwize V5000 – 2077 models 12C and 24C
IBM Storwize V5000 – 2078 models 12C and 24C
If your Storwize system serial number starts with 78D2, your system is not affected.
According to IBM, the malicious file is copied to a temporary file on your Windows, Mac, or Linux system as part of the Initialization Tool launch process. Once copied to your system, however, the file doesn’t seem to actually do anything. It’s not exactly a ticking time bomb, but there’s a matter of pride (and lost business) here. Distributing malware to paying enterprise customers is a bad idea no matter if the malware actually executes or not, particularly when ransomware has become such a hot business commodity and budding growth market.
Infected disk drives reportedly look like the one pictured above. If your antivirus hasn’t picked up the infection (or even if it has), you can delete the base directory by navigating to the following:
On Windows systems: %TMP%initTool
On Linux and Mac systems: /tmp/initTool
IBM recommends you either destroy the flash drive entirely so it cannot be reused or delete the folder called “InitTool” on the USB drive before downloading a new initialization tool from the aptly-named FixCentral.
Vice reached out to IBM for information on how the malware wound up on their enterprise system software distribution tools. IBM, perhaps unsurprisingly, had no reply and has not explained what the malware is intended to do. It may have been a downloader that doesn’t run properly and therefore is of little threat in and of itself. Full details on how to remove the software, information on how its detected by various antivirus applications, and additional product details can be found at IBM’s support bulletin, available here.