Tech

IBM Shipped USB Drives Filled With Malware to Customers

If you’re recently bought an IBM Storwize disk rack, you might have received an USB drive that contains the disk’s initialization tool. If you’re among some unlucky few, though, that USB drive also has malware in it.

IBM warned last week that “some” of the drives shipped to Storwize customers “contain a file that has been infected with malicious code” and these might have to be destroyed.

Videos by VICE

Read more: A Whole Lot of Nitwits Will Plug a Random USB Into Their Computer, Study Finds

When customers launch the initialization tool from the USB drive, the malware copies itself to a temporary folder into the customer’s computer. Luckily, according to IBM, the malicious file doesn’t execute and doesn’t infect the Storwize disks. It’s unclear how the malware made it onto IBM-issued USB drives. The company declined to comment when Motherboard reached it via email on Tuesday.

If you think you received one of these drives, IBM suggests you run antivirus, or remove the folder (%TMP%\initTool on Windows and /tmp/initTool on Linux or Mac) where the malware placed itself onto inside your computer.

Moreover, IBM recommends physically destroying the USB flash drive “so that it can not be reused,” or try to repair it by wiping it and disinfecting it with antivirus.

The incident seems relatively minor and IBM has done the right thing by alerting customers, but it still raises questions about the security of the company’s supply chain and distribution process for these drives, and is a reminder not to trust random USBs too much, even if they come from a reputable company.

Subscribe to Science Solved It, Motherboard’s new show about the greatest mysteries that were solved by science.