IBM has apologised after supplying a malware-infected USB stick to delegates of this week's IBM AusCERT security conference. The unlovely gift was supplied to an unknown number of delegates to the Gold Coast, Queensland conference who visited IBM's booth. Big Blue does not identify the strain of malware involved in the attack …
Fail! Fail! Fail! Fail! Fail! Fail!Fail! Fail! Fail! Fail! Fail! Fail! Fail! Fail! Fail!Fail! Fail! Fail!
You missed a Fail!
I think we need to contact the SI Unit people...
So they can provide direction on exactly how many (typed) fails equal an EPIC FAIL.
10 fails = 1 EPIC FAIL
100 fails = 1 HMRC Data Loss Event.
1000 fails = 1 LHC 'event'
10000 fails = 1 EDS Contract Award
100000 fails = 1 Sun midrange Purchase
1000000 fails = 1 Attempt by me to tabulate this text.
"You missed a Fail!"
Don't be ridiculous. That would have made no sense at all!
Variations on a theme
Spam! Spam! Spam! Spam! Spam! Spam! Spam! Spam!...
Skol! Skol! Skol! Skol! Skol! Skol! Skol! Skol! Skol! Skol!...
But did IBM
IBM didn't. Bdm tish.
I thank you. (Arthur Askey stylee)
but AJ did miss a space, "Fail! Fail!" not "Fail!Fail!"
title! title! title!
You now know which one you missed.
What is the problem?
It was a security conference the delegates should have detected the malware within nanoseconds.
What can I say?
1. You don't need to worry, because it is "a type of virus widely detected for at least two years " (unless you run the same anti-virus software as IBM, obviously.
2. Windows autorun - A G A I N !!! ???
What the FK is this carp still doing there? Especially after all the marketing carp about secure computing?
Here buy this lock for your front door. It makes things very convient for you because it also opens the door for you. If anyone else walks anywhere near it (thieves, criminals, rapists, politicians...), it automatically opens letting them in too.........
I had to laugh
$MEGACORP's latest laptop image had autorun turned on, and because they enforce the image settings every time I logged onto the company network it got turned back on again.
Oh how I laughed.
Autorun is not to blame...
because if it the stick wouldn't autorun, the user would promptly seek setup.exe and execute it manually.
To me, it seems the "latest laptop image" did not have any AV installed (not even Microsoft's free one!). Time for Big Blue to buy a small AV company...
International Business Malware
Don't be daft.
It's been "I've Been Mugged" for a long time! (or even one I coined when working in an IBM support centre - "It's Broken Mate!" )
There's a lot of these been going about for donkeys years (oops, 'donkeys' is not a valid REG unit for time yet, is it)
People still have that turned on? Kee-ryst! One of the first things I disable (thanks "Tweak UI" you can nail it properly too).
Sure, mount it. Let me know it's connected. But don't run anything until I tell you to!
Welcome to the corporate world!
As mentioned above, many corporations (mine included) reset your laptop's settings every time you boot up.
Yes, I have TweakUI, and I turn off focus-grabbing ("If I want to pay attention to you, I'll darned well click on you. Otherwise, leave me alone!") and auto-run, only to find them turned back on every time I reboot.
I eventually gave up, figuring if my company wants to pay me to waste my time watching windows grab focus, and introduce viruses into their infrastructure, it's their business.
> Big Blue does not identify the strain of malware involved in the attack beyond saying it's a type > of virus widely detected for at least two years which takes advantage of Windows autorun to
That'll be Conficker.B then
I concur, Dr. Brush
That was my diagnosis too.
Send it back?
Why would anyone go to the trouble of sending it back? Either bin it or put it in a computer that isn't insecure and reformat it!
No doubt ...
... it was a clever ruse to select the subset of attendees who really DID need to receive the latest IBM security sales literature.
Not the first time.....
.... AusCERT 2008, Telstra (arguably Australia's largest telco) did the same thing - USB keys handed out from opening - 2 hours later, embarrassing announcement over PA system requesting the return of all Telstra USB keys due to a malware infection .... and they were trying to highlight their secure services!!!!!!!
And heres one we prepared earlier.....
Please accept this single to Hull please. All abord the Fail Bus!
Is was just a test!
No really we were just testing you! Honest!
Unlikely to have caused any consequences
I mean that was a virus which used a flaw only apparent in a _few_ versions of one of very many operating systems. It's very unlikely, especially at a Security conference that any of the people there had the propper equipment to execute that virus on their main systems.
Theory: all managers on junkets got pwned. None of the real techs there had any problems or even noticed it beyond OK'ing quarantine.
Gotta love this method of sorting the wheat from the chaff. Big thumbs up for Big Blue! Will try this method at our next company meeting...
Where's the problem?
I've received quite a few freebie pendrives over the last few years. They're very handy, and free is hard to beat. Most are pre-printed with company logos, but I have a couple where the logos peeled off to reveal major manufacturers' names. Nice.
Hardly need to add that they always get reformatted immediately. Autorun? You're joking of course. Free software? Well we know what that's likely to be worth if it's being handed out at a trade stall,even if there's no malware.
Take the freebies (get your friends to get extras for you), reformat them immediately and run. Where's the problem?
IBM had again!
Back in the '80's when I worked for IBM they had really bad V rus problems in a hard-drive plant, turned out to be a peado in the dept duplicating discs to post out... Idiot Bloody Management then as now, with their heads up their arses and the I'm Bloody Marvelous attitude.
Would you like spies with that?
Reformat on any linux machine. Or just remove the malware files.
My company is full of IBM malware too...
TSM, Tivoli ITM, Clearcase, Lotus, AIX, DB/2.....
Now how did that all fit on a usb stick?
what are the chances...
of TWO incidents of malware on a USB key at the same security conference, two years apart?
..is the single stupidest idea MS ever implemented. Disappointingly Ubuntu does the same, and it would be trivial to exploit in terms of automatically running something to do a job in your home directory. We do however at least have the advantage that doing anything really damaging would require the user to enter their password, and if they're that bloody daft then there's nothing you can do to protect them. Still, would be nice to default to no auto run, it's be one less job to do after install.
Personally, I think Active X was worse.
On the other hand, I do think that people running with;-
1) Autorun enabled
2) An unpatched windows install
3) No Anti Virus
4) No software restriction policy
deserve what they get.
And in Windows too these days...
...unless you've turned UAC off because it was "annoying". OK, no password required if you're running as admin, but that would put you in the same camp as a Linux user running as root.
And I'm feeeling Blue!
What took so long?
I am curious as to why it took til Friday night, 2 days after the main conference is over to get the message out! I have seen the Sophos note confirming that there was bad stuff on the stick but I have not seen any reports of punters who caught something from a contaminated stick.
My first thought was "Priceless" and then I saw "security conference" and I knew I was in the presence of a Fail beyond human comprehension.
Wasn't that a...
MetaDefender for Media
this could have been prevented if they were scanning thier USB using several antivirus enginers
MetaDefender for Media is one option http://www.opswat.com/products/metadefender-for-media
http://www.filterbit.com is another
Better Release Management Practices Needed
Seems to me that Release Managers of products (even of freebies) should be scanning the digital content of the package with multiple anti-malware products BEFORE release. IBM's own email that provided self-help procedures to USB recepients essentially advocated using at least 2.