Feeds

IBM hands out malware-stuffed USB at security conference

Red faces at Big Blue

Secure remote control for conventional and virtual desktops

IBM has apologised after supplying a malware-infected USB stick to delegates of this week's IBM AusCERT security conference.

The unlovely gift was supplied to an unknown number of delegates to the Gold Coast, Queensland conference who visited IBM's booth. Big Blue does not identify the strain of malware involved in the attack beyond saying it's a type of virus widely detected for at least two years which takes advantage of Windows autorun to spread, as a copy of IBM's email apology published by the Beast Or Buddha blog explains.

At the AusCERT conference this week, you may have collected a complimentary USB key from the IBM booth. Unfortunately we have discovered that some of these USB keys contained malware and we suspect that all USB keys may be affected.

The malware is detected by the majority of current Anti Virus products [as at 20/05/2010] and been known since 2008.

The malware is known by a number of names and is contained in the setup.exe and autorun.ini files.  It is spread when the infected USB device is inserted into a Microsoft Windows workstation or server whereby the setup.exe and autorun.ini files run automatically.

Please do not use the USB key, and we ask that you return it to IBM at Reply Paid 120, PO Box 400, West Pennant Hills 2120.

Problems of this type occur when any one of the PCs involved in loading content onto a USB stick is itself infected with malware. This could have happened either at IBM itself or its suppliers.

Malware-infected USB incidents have cropped up at AusCERT before. Australian telco Telstra distributed malware-infected USB drives at AusCERT 2008, Secure Computing reports. ®

Remote control for virtualized desktops

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
The total economic impact of Druva inSync
Examining the ROI enterprises may realize by implementing inSync, as they look to improve backup and recovery of endpoint data in a cost-effective manner.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Business security measures using SSL
Examines the major types of threats to information security that businesses face today and the techniques for mitigating those threats.