IBM Distributes USB Malware At Security Conference 73
bennyboy64 and other readers let us know that
IBM sent out an email to all attendees to the Australian Computer Emergency Response Team (AusCERT) 2010 conference, warning them that some of the USB drives handed out to delegates contained malware. Fortunately it was old malware, which all anti-virus products have detected since 2008. Two years ago telecommunications company Telstra distributed malware-infected USB drives at the same conference.
wtf? (Score:4, Insightful)
Seriously. Come on IBM. You're one of the biggest names in the industry, you hold thousands of patents...and you can't ensure you give devices that have already been secured to conference goers? ::obligatory::
We can go to the moon...
Re:wtf? (Score:3, Insightful)
Seriously. Come on IBM. You're one of the biggest names in the industry, you hold thousands of patents...and you can't ensure you give devices that have already been secured to conference goers?
My first assumption (without RTFA) is that they would have outsourced it.
All Anti-virus ? (Score:4, Insightful)
If all Anti-virus products have detected this one since 2008 it obviously begs the question, why didn't IBM's?
Re:wtf? (Score:0, Insightful)
While I won't justify IBM's goof, it's fair to say that slips like this happen. What can you do about it? Set up a procedure so that everything going out the door has to pass certain checks? I dare say that the solution would be much worse than the problem.
Besides, it makes for a nice Slashdot discussion with jokes and all.
Opportunity to be had (Score:4, Insightful)
So many USB sticks come with pre-loaded crapware/malware. In the office we would stick them in Linux machines and format them from there. If you stuck it in a Windows machine without formatting it, you spent the rest of the day auditing your machine and puzzling over what might be left on it.
The OPPORTUNITY is for a company to brand itself based on NOT HAVING CRAP on their sticks. I'm thinking Pure USB would be a nice name for such a product. I know I'd chose that over anything else if they were comparably priced. Don't get greedy and charge a premium for that. Just outsell the competition. I can't believe the kickbacks from crapware authors are that valuable.
Re:It's takes 12-24 months for IBM IT to ok update (Score:4, Insightful)
The parent post is modded funny, but I'm sure Joe's breaking an NDA! :P
Re:wtf? (Score:1, Insightful)
How would you scan a USB drive without first sticking it into a computer?