Promotional USB Flash Drives At Trade Shows – Be Careful

As IBM have found out to their cost it pays to be very careful who you buy your promotional flash drives from and you need to make sure that your supplier checks the disks before they are shipped out to you.

Somewhat ironically at a Security Conference held in Australia this week IBM staff were unknowingly handing promotional flash drives with malware on them. The flash drives were distributed free to prospective customers that approached their booth. The malware is apparently known by a number of names and is contained in the setup.exe and autorun.ini files.  The malware (virus) is spread when the infected USB drive is inserted into any Microsoft Windows PC or server. On insertion the setup.exe and autorun.ini files (the virus) run automatically.

Branded Flash Drives

For those unlucky enough to have used the USB drives IBM have provided steps to deal with the problem but the fixes are not easy or straightforward and include recommendations to reinstall the core operating system on any PC that become infected.

Obviously this the wrong sort of PR for IBM and its not pleasant for anyone affected but should it put you off using flash drives as a promotional tool or accepting a flash drive from any company giving? The short answer is no. Flash drives make excellent promotional products and tens of millions of them are purchased and distributed at trade shows, seminars, conferences and fairs every year. They are incredibly useful, popular and cost effective gifts particularly if they are pre-loaded with sales material, brochures, presentation slides etc. But, we recommend a couple of important things to consider when buying your promotional flash drives:

1. Pre-loading data such as PDF’s, PowerPoint sides, spreadsheets, Word documents etc. is fine but think carefully before you ask for auto-run files to be pre-loaded onto your flash drives. Auto-run files seem like a good idea because they force the user to view your pre-loaded information but you do, as IBM have discovered, run a very small risk with auto-run files of introducing malware.
2. Choose your supplier of branded flash drives very carefully and make sure they understand the risks associated with data-loading and managing auto runs. It’s also worth checking to see what procedures they have in place to check for spurious files before they supply the flash drive to their customers.

The circumstances IBM have found themselves in are unfortunate but some basic checks before the flash drives were distributed could have avoided the issues altogether. Whilst these issues will make some companies and individuals think twice about using or accepting promotional flash drives it would be wrong to write-off one of the most popular promotional products in the market today because of one or two avoidable incidents.