IBM unleashes virus on AusCERT delegates

Powered by SC Magazine

Malware-infected USB key the culprit.

View larger image View larger image View larger image

See all pictures here »

Delegates to AusCERT, Australia's premier information security event held this week on the Gold Coast, have taken home a little of the stuff they spent the week agonising over - a virus.

In an email this afternoon, IBM advised visitors to its AusCERT booth that its complimentary USB key was infected with a virus. An IBM spokesman and conference organisers confirmed the email was genuine.

It is the second time in two years that clumsy exhibitors have infected their customers with viruses.

"At the AusCERT conference this week, you may have collected a complimentary USB key from the IBM booth," IBM Australia chief technologist Glenn Wightwick wrote in an email to delegates this afternoon.

"Unfortunately we have discovered that some of these USB keys contained malware and we suspect that all USB keys may be affected."

AusCERT coverage:

Wightwick said the malware, which dated to 2008, was detected by most anti-virus products.

"The malware is known by a number of names and is contained in the setup.exe and autorun.ini files. 

"It is spread when the infected USB device is inserted into a Microsoft Windows workstation or server whereby the setup.exe and autorun.ini files run automatically.

"Please do not use the USB key, and we ask that you return it to IBM."

IBM said in a statement that a "small number of IBM-branded USB sticks distributed to delegates at the recent AusCERT2010 conference were found to contain malware".

"IBM has immediately contacted delegates with remedial advice, and regrets any inconvenience that may have been caused," an IBM spokesman said.

To fix any damage that may be caused by using the USB key, IBM recommended:

  1. Turn off System Restore [Start - Programs - Accessories - System tools - System Restore] Turning off System Restore will enable your anti-virus software to clean the virus from your current system and any restore points that may have become infected.
  2. Update your anti-virus tool with the latest anti-virus definitions. [available from your anti-virus vendor of choice].
  3. Perform a full system scan with your anti-virustool to confirm the existence of the infection.  If malware is detected allow your anti-virus software to complete a clean.
  4. On completion of this process, complete a second scan using a different anti virus product. Free anti-virus products are available from companies such as AVG, Avira, Panda Software or Trend Micro.
  5. Once a second scan has been performed and it is determined that your workstation is free of any known malware. As a precautionary measure IBM recommended that you perform a backup of all vital files on your workstation and perform a full reinstallation of the operating system. This removes the risk of other unknown or undetected malware that may be present on your machine.

"If you experience difficulties with the above steps, please contact the IBM Security Operations Team at  An IBM technical support person will contact you by phone to assist you.

"We regret any inconvenience that may have been caused."

Infected USB keys should be returned to IBM at Reply Paid 120, PO Box 400, West Pennant Hills 2120.

Top Stories
Myer CIO named retailer's new chief executive
Richard Umbers to lead data-driven retail strategy.
Empty terminals and mountains of data
Qantas CIO Luc Hennekens says no-one is safe from digital disruption.
IBM's AusCERT 2010 stand from which it passed contaminated USB drives. photo: Nate Cochrane
Sign up to receive iTnews email bulletins
Latest Comments
Who do you trust most to protect your private data?

   |   View results
Your bank
Your insurance company
A technology company (Google, Facebook et al)
Your telco, ISP or utility
A retailer (Coles, Woolworths et al)
A Federal Government agency (ATO, Centrelink etc)
An Australian law enforcement agency (AFP, ASIO et al)
A State Government agency (Health dept, etc)

Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
I DON'T support shutting the OAIC.