By Noah Shachtman
November 19, 2008
The Defense Department's geeks are spooked by a rapidly spreading worm
crawling across their networks. So they've suspended the use of
so-called thumb drives, CDs, flash media cards, and all other removable
data storage devices from their nets, to try to keep the worm from
multiplying any further.
The ban comes from the commander of U.S. Strategic Command, according to
an internal Army e-mail. It applies to both the secret SIPR and
unclassified NIPR nets. The suspension, which includes everything from
external hard drives to "floppy disks," is supposed to take effect
"immediately." Similar notices went out to the other military services.
In some organizations, the ban would be only a minor inconvenience. But
the military relies heavily on such drives to store information.
Bandwidth is often scarce out in the field. Networks are often
considered unreliable. Takeaway storage is used constantly as a
The problem, according to a second Army e-mail, was prompted by a "virus
called Agent.btz." That's a variation of the "SillyFDC" worm, which
spreads by copying itself to thumb drives and the like. When that drive
or disk is plugged into a second computer, the worm replicates itself
again - this time on the PC. "From there, it automatically downloads
code from another location. And that code could be pretty much
anything," says Ryan Olson, director of rapid response for the iDefense
computer security firm. SillyFDC has been around, in various forms,
since July 2005. Worms that use a similar method of infection go back
even further - to the early '90s. "But at that time they relied on
infecting floppy disks rather than USB drives," Olson adds.
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!