IBM unleashes virus on AusCERT delegates

Malware-infected USB key the culprit.

APCERT won AusCERT's award for organisational excellence.	Cybercop Brian Hay picks up one of two AusCERT awards he won on the night.	AusCERT IT services director Nick Tate enjoys the masquerade ball at the SC Awards.
See all pictures here »

Delegates to AusCERT, Australia's premier information security event held this week on the Gold Coast, have taken home a little of the stuff they spent the week agonising over - a virus.

In an email this afternoon, IBM advised visitors to its AusCERT booth that its complimentary USB key was infected with a virus. An IBM spokesman and conference organisers confirmed the email was genuine.

It is the second time in two years that clumsy exhibitors have infected their customers with viruses.

"At the AusCERT conference this week, you may have collected a complimentary USB key from the IBM booth," IBM Australia chief technologist Glenn Wightwick wrote in an email to delegates this afternoon.

"Unfortunately we have discovered that some of these USB keys contained malware and we suspect that all USB keys may be affected."

AusCERT coverage:

• AusCERT 2010 reflections: Superstars and iPads
• PHOTO GALLERY: On the floor at AusCERT 2010
• PHOTO GALLERY: SC Award winners presented at AusCERT
• Top security professionals awarded at AusCERT
• Telstra looks to offer security as a service
• Security experts ponder the cost of cloud computing
• Duo signs 'brute force' resistant hard-drive vendor

Wightwick said the malware, which dated to 2008, was detected by most anti-virus products.

"The malware is known by a number of names and is contained in the setup.exe and autorun.ini files. 

"It is spread when the infected USB device is inserted into a Microsoft Windows workstation or server whereby the setup.exe and autorun.ini files run automatically.

"Please do not use the USB key, and we ask that you return it to IBM."

IBM said in a statement that a "small number of IBM-branded USB sticks distributed to delegates at the recent AusCERT2010 conference were found to contain malware".

"IBM has immediately contacted delegates with remedial advice, and regrets any inconvenience that may have been caused," an IBM spokesman said.

To fix any damage that may be caused by using the USB key, IBM recommended:

1. Turn off System Restore [Start - Programs - Accessories - System tools - System Restore] Turning off System Restore will enable your anti-virus software to clean the virus from your current system and any restore points that may have become infected.
2. Update your anti-virus tool with the latest anti-virus definitions. [available from your anti-virus vendor of choice].
3. Perform a full system scan with your anti-virustool to confirm the existence of the infection.  If malware is detected allow your anti-virus software to complete a clean.
4. On completion of this process, complete a second scan using a different anti virus product. Free anti-virus products are available from companies such as AVG, Avira, Panda Software or Trend Micro.
5. Once a second scan has been performed and it is determined that your workstation is free of any known malware. As a precautionary measure IBM recommended that you perform a backup of all vital files on your workstation and perform a full reinstallation of the operating system. This removes the risk of other unknown or undetected malware that may be present on your machine.

"If you experience difficulties with the above steps, please contact the IBM Security Operations Team at secops@au1.ibm.com.  An IBM technical support person will contact you by phone to assist you.

"We regret any inconvenience that may have been caused."

Infected USB keys should be returned to IBM at Reply Paid 120, PO Box 400, West Pennant Hills 2120.