By Maxwell Cooter
21 May 10
You might get more than you bargained for if you attend a security
conference. IBM shocked delegates at the Australian AusCERT conference
in Queensland by handing out USB sticks infected with malware.
The company was forced to write to delegates apologising for its error.
"At the AusCERT conference this week, you may have collected a
complimentary USB key from the IBM booth. Unfortunately we have
discovered that some of these USB keys contained malware and we suspect
that all USB keys may be affected."
It was actually worse than IBM intimated. To make it doubly
embarrassing, according to security company Sophos, the company included
two examples of malware: W32/LibHack-A. and W32/Agent-FWF.
Sophos's senior technology consultant, Graham Cluley had a guess how the
error occurred. "My guess is that they didn't check the USB sticks
before handing them out. Maybe they out-sourced the creation of the USB
content to a third party, and they weren't careful enough. After all, if
an infected PC was used to create the "image" of the USB drive then it
would have been easy for that disk image to be infected and copied onto
every USB stick they handed out."
Best Selling Security Books and More!
Shop InfoSec News