And somewhere at IBM, an intern has been fired…

This one made me laugh heartily.  Attendees at AusCERT, and Australian computer security conference, took home complimentary USB drives from IBM, but those drives had been infected with malware.  The good news is, it was an old malware (2008) that is detected by pretty much every antivirus product out there.

OK, so it’s unfair to blame the intern.  Probably IBM ordered them and they were shipped that way from the manufacturer, but, still, that’s good stuff.  IBM did the right thing, more or less, and sent a ‘mea culpa’ email to conference attendees explaining about the infected USB drive.  They made 2 recommendations, though, that I found to be a bit over the top.

1: Return the drive to IBM.  Really?  Should any hard drive infected at any point with a virus be shipped back to the manufacturer?  Also, I would hope IBM will ship a replacement drive to anybody who does send theirs back, but that was unclear from the email.

2: This is my favorite… basically, update your antivirus, do a full system scan, clean the system if needed, then do a second scan with a different a/v product. Then..backup your data and reformat your drive.  Wait…what? I’m happy to agree with 2 antivirus scans, although that is a bit much for a 2 year old malware, but a complete reformat/reinstall?  That’s a bit heavy on the CYA, isn’t it?

Either way, it’s a good reminder to always keep your a/v software updated, and scan anything you get from anybody.  If you have the other systems available, open it up on a Linux or Mac box to see what’s on it first if you are paranoid.  If you do happen to get a USB drive at a conference, though, and it’s infected with virus/malware – calm down, scan your system, reformat the USB drive if you like, but rarely will there be a need for the over-the-top response IBM is telling people is necessary.

Oh, and, if you are handing out drives at a conference…maybe spot check a couple, just for fun.