Lenovo has issued a security advisory notifying customers that the initialisation tool shipped on a USB stick for the Lenovo V3500, V3700 and V5000 Gen 1 storage systems manufactured by IBM comes a file that has been infected with malicious code.
The USB flash drive in question is designated as part number 01AC585. It shipped with the following systems:
- IBM Storwize V3500 - 2071 models 02A and 10A
- IBM Storwize V3700 - 2072 models 12C, 24C and 2DC
- IBM Storwize V5000 - 2077 models 12C and 24C
- IBM Storwize V5000 - 2078 models 12C and 24C
IBM Storwize Systems with serial numbers starting with the characters 78D2 are not affected.
Lenovo says the file in question is copied to a temporary folder on Windows, Mac and Linux systems but requires a user to execute the file for it to have any effect. The file is not used during the initialisation process for the affected products.
The files is copied to %TMP%\initTool on Windows systems and /tmp/initTool for Mac and Linux.
Removing the malware is a matter of deleting the affected folders.
Comments
Why the fuck do you have anything on your USB sticks ever? Sell them blank. I don't want your shitty software to auto start on them at all.
Seems like at least once a year Lenovo are busted selling hardware with Malware straight from the factory.
What the hell is going on in their factory????
Join the discussion!
Comment Voting
Up Votes
Down Votes
Only logged in users may vote for comments!
Please log in or register to gain access to this feature.
Get Permalink