[ISN] Under Worm Assault, Military Bans Disks, USB Drives

From: InfoSec News <alerts_at_private>
Date: Thu, 20 Nov 2008 01:06:31 -0600 (CST)
http://blog.wired.com/defense/2008/11/army-bans-usb-d.html

By Noah Shachtman
Danger Room
Wired.com
November 19, 2008

The Defense Department's geeks are spooked by a rapidly spreading worm 
crawling across their networks. So they've suspended the use of 
so-called thumb drives, CDs, flash media cards, and all other removable 
data storage devices from their nets, to try to keep the worm from 
multiplying any further.

The ban comes from the commander of U.S. Strategic Command, according to 
an internal Army e-mail. It applies to both the secret SIPR and 
unclassified NIPR nets. The suspension, which includes everything from 
external hard drives to "floppy disks," is supposed to take effect 
"immediately." Similar notices went out to the other military services.

In some organizations, the ban would be only a minor inconvenience. But 
the military relies heavily on such drives to store information. 
Bandwidth is often scarce out in the field. Networks are often 
considered unreliable. Takeaway storage is used constantly as a 
substitute.

The problem, according to a second Army e-mail, was prompted by a "virus 
called Agent.btz." That's a variation of the "SillyFDC" worm, which 
spreads by copying itself to thumb drives and the like. When that drive 
or disk is plugged into a second computer, the worm replicates itself 
again - this time on the PC. "From there, it automatically downloads 
code from another location. And that code could be pretty much 
anything," says Ryan Olson, director of rapid response for the iDefense 
computer security firm. SillyFDC has been around, in various forms, 
since July 2005. Worms that use a similar method of infection go back 
even further - to the early '90s. "But at that time they relied on 
infecting floppy disks rather than USB drives," Olson adds.

[...]


______________________________________________      
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org 
Received on Wed Nov 19 2008 - 23:06:31 PST

This archive was generated by hypermail 2.2.0 : Wed Nov 19 2008 - 23:17:33 PST