Big mistake by Big Blue: Storwize initialisation USBs had malware
The IBM arrays are okay, but the PC you used to set up the array might be in trouble
Big Blue is red-faced after shipping malware-infected initialisation USBs for its Storwize disk racks.
The company is therefore strongly suggesting users "Securely destroy the USB flash drive so that it can not be reused." Either that or wipe it, disinfect anything it touched and cross your fingers. Then download the files you need and start again.
The trojan in question goes by various names. Kaspersky's description says it's a dropper that installs itself in a temporary folder and, on execution, downloads other malware.
If your Storwize config USB matches this, kill it with fire
The dodgy USBs have the part number 01AC585, and may have shipped with the Storwize V3500 model 2071 01A and 10A; V3500 model 2072 12C, 24C and 2DC; V5000 model 2077 12C and 24C; and V5000 model 2078 12C and 24C.
The malware didn't land on the storage systems themselves, but rather on the laptop or desktop used to configure them: “the malicious file is copied with the initialization tool to the following temporary folder:
On Windows systems: %TMP%\initTool
On Linux and Mac systems: /tmp/initTool”.
Affected users need to run their anti-virus (there's a list of anti-virus software that detects it in IBM's post), and make sure the temporary directories are deleted. ®
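An added example, not from IBM or the original article: a read-only check for the initTool directories quoted above that inventories any files found (size and SHA-256) so they can be scanned and recorded before the directory is deleted. The function names are hypothetical; %TMP% resolves per user, so run it as the account that ran the initialisation tool.

```python
import hashlib
import os
from pathlib import Path


def candidate_dirs(env=None, is_windows=None):
    """Return the initTool locations quoted in the article for this host."""
    env = os.environ if env is None else env
    is_windows = (os.name == "nt") if is_windows is None else is_windows
    if is_windows:
        tmp = env.get("TMP")  # per-user temp directory
        return [Path(tmp) / "initTool"] if tmp else []
    return [Path("/tmp/initTool")]  # Linux and Mac


def inventory(directory):
    """List regular files under directory with size and SHA-256.

    Nothing is executed, modified or deleted; symlinks are skipped.
    """
    findings = []
    for path in sorted(Path(directory).rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        findings.append({"path": str(path),
                         "size": path.stat().st_size,
                         "sha256": digest.hexdigest()})
    return findings


def check_host(dirs=None):
    """Map each existing initTool directory to its file inventory."""
    dirs = candidate_dirs() if dirs is None else dirs
    return {str(d): inventory(d) for d in dirs if Path(d).is_dir()}


if __name__ == "__main__":
    report = check_host()
    if not report:
        print("No initTool directory found in the quoted locations.")
    for directory, files in report.items():
        print(f"FOUND {directory}: {len(files)} file(s); scan, then delete")
        for f in files:
            print(f"  {f['sha256']}  {f['size']:>10}  {f['path']}")
```

An empty result only means the directory is absent for the current user; the anti-virus scan the article calls for is still needed on any machine the USB drive was plugged into.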