IBM is urging customers to destroy flash drives it shipped to storage system customers because they contain malware.
The company warned in an advisory Tuesday that an unspecified number of USB flash drives shipped with the initialization tool for Storwize systems contain malicious code. IBM instructed customers who received the V3500, V3700 and V5000 Gen 1 systems to destroy the drive to prevent the code from replicating.
“When the initialization tool is launched from the USB flash drive, the tool copies itself to a temporary folder on the hard drive of the desktop or laptop during normal operation,” IBM said in its advisory.
The malicious code is part of the Reconyc Trojan
IBM said that while the malware is copied onto the victim’s device, the malicious code is not executed during initialization.
IBM recommends users who have already inserted the drive into their systems run an antivirus system to remove the malware. Users can also remove the directory containing the identified malicious file.
It wasn’t immediately clear how the malware landed on the flash drives. IBM didn’t immediately respond to a request for comment.