A recent discovery led IBM to issue emergency warnings about a shipment of USB drives supplied with its Storwize systems. The USB sticks in question may be infected with malware.
IBM stated that an unknown number of USB sticks are infected. However, it knows which models carry the malware, and it urges customers to destroy any USB flash drive that contains the Storwize initialisation tool for V3500, V3700, and V5000 Gen 1 systems.
IBM also stated that the infected USB sticks were all shipped with the number 01AC585.
Kaspersky Lab has researched the malware in question and so far reports that it comes from the Reconyc Trojan family. This family of Trojans is mostly known for targeting victims in India and Russia, but it will infect systems in other countries given the opportunity.
The malware infects the system as soon as the Storwize initialisation tool is started. The first thing the tool does is create a temporary folder, ‘%TMP%\initTool’ on Windows or ‘/tmp/initTool’ on Mac or Linux. After creating the folder, it copies the malicious code into it. Even so, IBM confirmed that the code is not executed during the initialisation itself.
IBM advised running updated antivirus software as the best way of dealing with this malware. It can also be removed by deleting the temporary folders mentioned earlier. IBM’s notice says that “IBM recommends ensuring your antivirus products are updated, configured to scan temporary directories, and issues identified by the antivirus product are addressed.”
Once you have removed that directory, and if the drive carrying the infection has not already been used, IBM recommends damaging the flash drive. That way, there is no chance of it being reused and spreading the malware further. On the other hand, there is still a way of repairing the USB stick so that it can be used again without the danger of infecting other devices.
This is relatively easy: delete the InitTool folder on the USB stick, then download the new, ‘clean’ initialisation tool package from FixCentral. Next, manually scan the USB stick with your antivirus, and once it confirms that the stick is malware-free, you’re good to go.
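
The folder checks described above can be scripted so that a record of what was found survives the deletion. The following is an added example, not code from IBM or from the original article: the function names are made up for illustration, the USB mount point is supplied by the operator, and matching the USB folder name without regard to letter case is an assumption.

```python
import hashlib
import os
import shutil
import sys
import tempfile
from pathlib import Path


def staging_dir(platform=sys.platform, env=os.environ):
    """Folder the article names: initTool under %TMP% on Windows, /tmp/initTool elsewhere."""
    if platform.startswith("win"):
        return Path(env.get("TMP", tempfile.gettempdir())) / "initTool"
    return Path("/tmp/initTool")


def usb_tool_dirs(mount_point):
    """Top-level folders named InitTool (any letter case) on a mounted USB stick."""
    return [p for p in Path(mount_point).iterdir()
            if p.is_dir() and not p.is_symlink() and p.name.lower() == "inittool"]


def inventory(folder):
    """(relative path, size, SHA-256) per file, kept as evidence for the AV or IR team."""
    folder, rows = Path(folder), []
    for root, _dirs, files in os.walk(folder):  # does not descend into symlinked dirs
        for name in files:
            path = Path(root) / name
            if path.is_symlink():  # never read through a link that leaves the folder
                continue
            data = path.read_bytes()
            rows.append((str(path.relative_to(folder)), len(data),
                         hashlib.sha256(data).hexdigest()))
    return sorted(rows)


def remove(folder):
    """Delete the folder and return the inventory taken just before removal."""
    folder = Path(folder)
    if folder.is_symlink() or not folder.is_dir():
        return []
    rows = inventory(folder)
    shutil.rmtree(folder)
    return rows


if __name__ == "__main__":  # report only; call remove() once the listing is reviewed
    targets = [staging_dir()] + [d for m in sys.argv[1:] for d in usb_tool_dirs(m)]
    for t in targets:
        print(t, inventory(t) if t.is_dir() else "not present")
```

Run with the USB mount point as an argument, the script only lists what it finds; the antivirus scan of temporary directories and of the USB stick that IBM recommends is still required.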