IBM has put its customers, particularly their devices, at risk after they admittedly shipped USB Flash drives infected with a Trojan malware by accident. The infected drives were sent to some of IBM's storage hardware customers and some Lenovo devices.
The USB flash drives in question are infected with a Reconyc Trojan malware. IBM did not divulge the exact number of infected flash drives it has sent out. It did, however, say that the drives contain Storewize initialisation tool for V3500 (2071 models 02A and 10A), V3700 (2072 models 12C, 24C and 2DC) and V5000 Gen 1 systems (both 2077 and 2078 models 12C and 24C). Those who got the Storewize system with a serial number beginning in 78D2 need not worry as this does not contain the malicious file.
The malicious code is copied to a temporary file on a Mac, Windows or Linux system as the Storewize tool is being launched. As ZDNet noted, the copied file doesn't actually do anything as the code is not executed during the initialization process. However, the thought that there is some form of malware living inside one's system is not good for business, particularly on IBM's side. The said malware is common in Russia and India but has been detected in other parts of the world as well.
IBM specified that the shipping number of the infected USB drives is 01AC585. Images of the said drives are posted in this report. Those who have received the infected flash drives have a little option on how to deal with the brouhaha. The most logical action, which is something IBM strongly recommends, is to get rid of the flash drive in a safe manner. The company suggests that the owner destroys the malware-infected USB drives completely to prevent them from falling into the hands of other people unaware of the bug. Another option is to delete the InitTool folder on the infected flash drive. Once the folder is erased, users can download a new initialization tool. They can get one from FixCentral.