Second Aussie news story of the day, with IBM today apologising having supplied a malware-infected USB stick to delegates attending this week’s IBM AusCERT security conference in Queensland.

An unknown number of delegates picked up the sticks after visiting IBM’s booth at the conference and while the company wouldn’t identify the strain of malware involved in the attack, they did say that it’s “a type of virus widely detected for at least two years which takes advantage of Windows autorun to spread”.

An official IBM apology reads as follows:

“At the AusCERT conference this week, you may have collected a complimentary USB key from the IBM booth. Unfortunately we have discovered that some of these USB keys contained malware and we suspect that all USB keys may be affected.

The malware is detected by the majority of current Anti Virus products [as at 20/05/2010] and been known since 2008. The malware is known by a number of names and is contained in the setup.exe and autorun.ini files.  It is spread when the infected USB device is inserted into a Microsoft Windows workstation or server whereby the setup.exe and autorun.ini files run automatically.

Please do not use the USB key, and we ask that you return it to IBM at Reply Paid 120, PO Box 400, West Pennant Hills 2120.”

It’s embarrassing sure but fair dues to IBM for owning up.