IBM hands out infected USB drives at security conference
At this week's Asia Pacific Information Security Conference in Australia, IBM handed out infected USB Flash drives to attendees. The incident is revealed in an email sent by IBM to all delegates to the conference which has been published on the Beast Or Buddha blog. The email suggests that all USB drives handed out from the IBM booth are infected with a piece of malware that was first detected in 2008. The malware is contained in the setup.exe file and – unless detected and blocked by anti-virus software, runs automatically when connected to a Windows workstation or server.
In case of infection, the email includes instructions for disinfecting systems. IBM says that it "regrets any inconvenience that may have been caused". The company has not revealed how the malware came to be on the USB drives and has not responded to speculation that it wanted to test the security measures employed by visitors to the conference.