IBM USB Flash Drives contains Malware

 

IBM has issued a warning to users about their USB flash drives are containing malicious malware. The company urged infected USB flash drives should be immediately destroyed. The devices containing malicious malware are IBM Storwize V3500, V3700 and V5000 according to IBM support.

 

The company said that; flash drives containing the number 01AC585 are infected with a malicious file and should not be used by any of their customers. If any of its customers uses these infected USB flash drives and runs Storewize installation tool. The malware will enters the user’s computer and have the ability to run automatically. It will copy a malicious code in the user’s computer.

The malware copies following malicious code in Windows OS users   ( ‘ %TMP%\initTool’  ) while; it will copy the ( ‘/tmp/initTool’  ) code in Linux or Mac OS users.

The malicious malware is the part of Reconyc Trojan malware family according to the report from Kaspersky. It is used by the hackers to install additional software in infected computers. This malicious malware in past few years has targeted many computers in Russia, India, USA and Germany. Reconyc has the capability to run itself once the user log-in their computers. It decrypts itself and launches various programs automatically once performing extraction for its resource section.

Recommended steps by IBM

The company has recommended the customers to take either one of the following steps in order to secure their computer from this malicious malware from Reconyc family.

  1. Destroy the USB fash drives containing the number 01AC585.
  2. The second one is a little bit tricky because you have to remove the malware manually in order to rescue it. The user need to delete the “InitTool” from USB flash drive and all other files inside the drive. The user should make sure that the files aren’t in recycle bin. After deleting the files Manually scan the USB flash drive and make sure the your antivirus is updated.

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *