IBM and Lenovo supplied USB sticks with malware to Storwize customers


IBM and Lenovo are warning customers that they have shipped USB sticks that contain malware. The sticks are used for the installation of IBM Storwize systems. According to the manufacturers, the malware is copied to the computer but is not executed.

Kaspersky discovered the malware in 2015 and refers to it as Trojan.Win32.Reconyc. At the time, the malware was mainly active in Russia. It is able to make changes to the registry, modify files and install other malware.

When users use the USB sticks sent by IBM and Lenovo to initialize their Storwize device, the tool is copied to the local disk. On Windows systems, the malware then resides in the %TMP%\initTool folder, and on Linux and Mac systems in /tmp/initTool.

According to the companies, the malware is only copied, but not executed. Only if a user were to run it manually would the malware become active. The infected file does not affect the operation of the Storwize systems according to IBM and Lenovo.

It is not clear how the malware ended up on the USB sticks. IBM and Lenovo do not explain this in their announcements. Both companies sent the same USB sticks, which can be recognized by the part number 01AC585. The sticks are intended for initialization of the IBM Storwize V3500, V3700 and V5000. Those are professional NAS devices.

Several antivirus packages recognize the malware. IBM has compiled a list of the packages that detect it and the name under which each one reports it. The manufacturers advise users to delete the folder and to either destroy the USB stick or erase the data on it. The manufacturers say they have taken measures so that new USB sticks no longer contain the malware.

| Engine | Signature | Version | Update |
|---|---|---|---|
| AhnLab-V3 | Win32/Pondre | 3.8.3.16811 | 20170330 |
| ESET-NOD32 | Win32/TrojanDropper.Agent.PYF | 15180 | 20170331 |
| Kaspersky | Trojan.Win32.Reconyc.hvow | 15.0.1.13 | 20170331 |
| McAfee | PWSZbot-FIB!0178A69C43D4 | 6.0.6.653 | 20170331 |
| McAfee-GW-Edition | PWSZbot-FIB!0178A69C43D4 | v2015 | 20170331 |
| Microsoft | VirTool:Win32/Injector.EG | 1.1.13601.0 | 20170331 |
| Qihoo-360 | Virus.Win32.WdExt.A | 1.0.0.1120 | 20170331 |
| Symantec | W32.Faedevour!inf | 1.2.1.0 | 20170330 |
| Tencent | Trojan.Win32.Daws.a | 1.0.0.1 | 20170331 |
| TrendMicro | PE_WINDEX.A | 9.740.0.1012 | 20170331 |
| TrendMicro-HouseCall | PE_WINDEX.A | 9.900.0.1004 | 20170331 |
| ZoneAlarm | Trojan.Win32.Reconyc.hvow | 1 | 20170331 |

Overview of antivirus programs and how they indicate the malware on the USB sticks
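The folder check described above can be scripted for machines that were used to initialize a Storwize system. The following is an added example, not code from IBM or Lenovo: it looks for the initTool folder in the temp locations named in the notices and lists each file with its size and SHA-256, so the contents can be recorded before the folder is deleted. Checking %TEMP% in addition to %TMP% is an assumption, and the script only reads files; it never runs or deletes them.

```python
import hashlib
import os
import sys
from pathlib import Path

FOLDER_NAME = "initTool"  # folder name given in the IBM/Lenovo notices


def candidate_dirs(env=None, platform=None):
    """Return the initTool locations to check for this platform."""
    env = os.environ if env is None else env
    platform = sys.platform if platform is None else platform
    if platform.startswith("win"):
        # %TMP%\initTool per the notices; %TEMP% is an added assumption
        roots = [env[v] for v in ("TMP", "TEMP") if env.get(v)]
    else:
        roots = ["/tmp"]  # Linux and Mac location per the notices
    dirs = []
    for root in roots:
        path = Path(root) / FOLDER_NAME
        if path not in dirs:  # TMP and TEMP usually point to the same place
            dirs.append(path)
    return dirs


def inventory(folder):
    """List (relative path, size, sha256) for every regular file under folder."""
    rows = []
    for path in sorted(Path(folder).rglob("*")):
        if path.is_file() and not path.is_symlink():
            digest = hashlib.sha256()
            with path.open("rb") as handle:
                for chunk in iter(lambda: handle.read(1 << 20), b""):
                    digest.update(chunk)
            rows.append((str(path.relative_to(folder)), path.stat().st_size,
                         digest.hexdigest()))
    return rows


def scan(env=None, platform=None):
    """Map each initTool folder that exists to its file inventory."""
    return {str(d): inventory(d) for d in candidate_dirs(env, platform) if d.is_dir()}


if __name__ == "__main__":
    found = scan()
    for folder, rows in found.items():
        print(f"FOUND {folder} ({len(rows)} files)")
        for rel, size, sha256 in rows:
            print(f"  {sha256}  {size:>10}  {rel}")
    sys.exit(1 if found else 0)  # non-zero exit flags a host that needs cleanup
```

The exit code is 1 when a folder is found, so the script can be run from an inventory or endpoint-management job and the affected hosts collected from the results.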
