ARMONK, N.Y.–IBM has published a security alert warning that some USB flash drives it shipped contain malware.
It said flash drives containing the initialization tool shipped with the IBM Storwize V3500, V3700 and V5000 Gen 1 systems contain a file that has been infected with malicious code.
The company is warning that the Initialization Tool on the USB flash drive with the part number 01AC585 that shipped with the following system models may have an infected file:
- IBM Storwize V3500 - 2071 models 02A and 10A
- IBM Storwize V3700 - 2072 models 12C, 24C and 2DC
- IBM Storwize V5000 - 2077 models 12C and 24C
- IBM Storwize V5000 - 2078 models 12C and 24C
“Neither the IBM Storwize storage systems nor data stored on these systems are infected by this malicious code,” according to the security alert. “Systems not listed above and USB flash drives used for encryption key management are not affected by this issue.”
According to the company, “when the initialization tool is launched from the USB flash drive, the tool copies itself to a temporary folder on the hard drive of the desktop or laptop during normal operation.”
IBM said that with that step, the malicious file is copied with the initialization tool to the following temporary folder:
- On Windows systems: %TMP%\initTool
- On Linux and Mac systems: /tmp/initTool
IBM said that while the malicious file is copied onto the desktop or laptop, the file is not executed during initialization.
“If you have used the initialization USB flash drive from one of the IBM products listed above and have inserted it into a desktop or laptop to initialize a Storwize system, IBM recommends you verify your antivirus software has already removed the infected file or alternatively remove the directory containing the identified malicious file,” IBM said.