IBM distributes USB malware cocktail at AusCERT security conference

Graham Cluley

Sheesh. This must rank as one of the most embarrassing things a security company can do at a security conference.

IBM has admitted that the complimentary USB drives it handed out this week at the AusCERT conference on the Gold Coast, Queensland, were infected by not one, but two pieces of malware.

Analysts at SophosLabs have analysed samples of the USB stick in question, and can confirm that the devices are indeed infected. You should exercise care if you plug the device into your computer, since it is an autorun worm – which means it will launch when inserted into a computer if autorun/autoplay is enabled.

In what must have been a highly embarrassing admission, IBM Australia sent an email to all AusCERT attendees warning them of the security screw-up.

Part of the email read:

At the AusCERT conference this week, you may have collected a complimentary USB key from the IBM booth. Unfortunately we have discovered that some of these USB keys contained malware…

Read more in my article on the Naked Security website.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.