IBM hands out malware-stuffed USB at security conference

What can I say?

1. You don't need to worry, because it is "a type of virus widely detected for at least two years " (unless you run the same anti-virus software as IBM, obviously.

2. Windows autorun - A G A I N !!! ???

What the FK is this carp still doing there? Especially after all the marketing carp about secure computing?

Here buy this lock for your front door. It makes things very convient for you because it also opens the door for you. If anyone else walks anywhere near it (thieves, criminals, rapists, politicians...), it automatically opens letting them in too.........

Not Identified

> Big Blue does not identify the strain of malware involved in the attack beyond saying it's a type > of virus widely detected for at least two years which takes advantage of Windows autorun to

> spread

That'll be Conficker.B then

Send it back?

Why would anyone go to the trouble of sending it back? Either bin it or put it in a computer that isn't insecure and reformat it!

Not the first time.....

.... AusCERT 2008, Telstra (arguably Australia's largest telco) did the same thing - USB keys handed out from opening - 2 hours later, embarrassing announcement over PA system requesting the return of all Telstra USB keys due to a malware infection .... and they were trying to highlight their secure services!!!!!!!

(untitled)

And heres one we prepared earlier.....

Please accept this single to Hull please. All abord the Fail Bus!

IBM had again!

Back in the '80's when I worked for IBM they had really bad V rus problems in a hard-drive plant, turned out to be a peado in the dept duplicating discs to post out... Idiot Bloody Management then as now, with their heads up their arses and the I'm Bloody Marvelous attitude.

WTF

Would you like spies with that?

Linux

Reformat on any linux machine. Or just remove the malware files.

My company is full of IBM malware too...

TSM, Tivoli ITM, Clearcase, Lotus, AIX, DB/2.....

Now how did that all fit on a usb stick?

what are the chances...

of TWO incidents of malware on a USB key at the same security conference, two years apart?

Autorun

..is the single stupidest idea MS ever implemented. Disappointingly Ubuntu does the same, and it would be trivial to exploit in terms of automatically running something to do a job in your home directory. We do however at least have the advantage that doing anything really damaging would require the user to enter their password, and if they're that bloody daft then there's nothing you can do to protect them. Still, would be nice to default to no auto run, it's be one less job to do after install.

Sings :

And I'm feeeling Blue!

Blue icon!

What took so long?

I am curious as to why it took til Friday night, 2 days after the main conference is over to get the message out! I have seen the Sophos note confirming that there was bad stuff on the stick but I have not seen any reports of punters who caught something from a contaminated stick.

MetaDefender for Media

this could have been prevented if they were scanning thier USB using several antivirus enginers

MetaDefender for Media is one option http://www.opswat.com/products/metadefender-for-media

http://www.filterbit.com is another

Better Release Management Practices Needed

Seems to me that Release Managers of products (even of freebies) should be scanning the digital content of the package with multiple anti-malware products BEFORE release. IBM's own email that provided self-help procedures to USB recepients essentially advocated using at least 2.