In a letter obtained by website Beast or Buddha, Glenn Wightwick, IBM Australia’s chief technologist, apologized to conference attendees who received the malware infected USB drives. He said that apparently all of the USB drives handed out at the conference were infected by a type of malware, known since 2008, with a very high AV detection rate.
The USB sticks were given away to attendees of the AusCERT conference as part of a booth promotion.
For IBM, as one of the world’s largest security product providers, the news is no doubt unwelcomed. In his letter to attendees, Wightwick characterized the malware: “[it] is known by a number of names and is contained in the setup.exe and autorun.ini files. It is spread when the infected USB device is inserted into a Microsoft Windows workstation or server whereby the setup.exe and autorun.ini files run automatically”.
Wightwick would go on to implore recipients to contact their IT departments if they already installed the USB, in addition to providing steps to remove the malware. IBM is also providing support personnel to address any questions or issues arising from the infected USB drives.