DoD responds to elderly worm by yanking removable media

By Angela Gunn | Published November 24, 2008, 4:29 PM

The Department of Defense has allegedly responded to an infection by a variant of the elderly W32.Silly worm by banning the use of removable media -- thumb drives, flash memory cards for cameras, and all.

SillyFDC, to give it perhaps more attention than it's worth, installs itself in the Windows registry and watches for removable storage to infect, copying itself to "Lcass.exe" and dropping a file called "autorun.inf" on the removable drive. The version affecting Armed Forces machines, however, is rumored to be a variant of Agent-EMB, which also installs itself in the registry but has no particular interest in removable drives -- a hint that SillyFDC might merely be the delivery device, not the true problem.

But SillyFDC's not really the problem in any case -- just the pebble that sets off a long-overdue avalanche.

A memo dated November 15 from Strategic Command (USSTRATCOM) directs all hands that "effective immediately, the use of memory sticks, thumb drives and camera flash memory cards is suspended in DoD NIPRNet systems." (NIPRNet is the network used for sensitive-but-unclassified communications, and as a gateway to the larger public Internet; it superseded MILNET back in the '90s.) According to information first received by Wired, the ban also applies to SIPRNet (Secret Internet Protocol Router Network), the network handling classified materials.

The memo notes that over time, Defense hasn't been able to keep up with the attack surface provided by removable media, and that "only through a layered defense of training, technology, procedures and personal recognizance can we regain the high ground."

Not currently on the high ground? And how. W32.Silly may be a relatively harmless little pest -- it's mainly designed to replicate itself, even if it can be (and maybe has been) reworked to carry payloads. But reports of rampant removable-media disappearances have been enough to send chills down the spine, especially when -- as is the case in the bazaars just outside the US military base and airfield in Bagram, Afghanistan -- it just keeps happening, after years of containment effort.

The memo acknowledges that the new directive is going to be a piece of misery for those affected, saying, "Adhering to this policy and enforcement of these standards will be challenging. However, the cost of ignoring is even greater and will continue to put our networks and warfighters at risk."

Many field operations use thumb drives and the like, since conditions in difficult areas provide minimal access to networks -- and since computers can be stolen too.

Since such drives are crucial in those circumstances, it's believed that the DoD is working out the details of a plan to scan, certify, and upgrade protections on a limited number of removable devices. GI Joe, however, will not be getting his nerd stick -- and maybe, the right to update his iPod -- back for the foreseeable future.

Comments

Guess I'm gonna have a lot of thumb drives........

Score: 0

She said "yanking".... ;-)

Score: 0

Sounds like a decent plan. There are entire software suites devoted to locking down removable ports, and this example is why.

Score: 0

They are banning everything, including CDs? It's no wonder the war was lost to begin with.

Score: 0

@artfuldodga

CDs aren't banned, nor are USB hard drives purchased by DoD agencies for DoD operations, apparently, as I was advised at work today.

Score: 0

Lost.. wow I guess you haven't been watching the news.... LOL CDs are the reason? WOW

Score: 0

Hi cwfrizzell! My understanding is that the DoD is currently working out plans for those purchased USB drives, and that the ban covers any writable, removable media (so not so much the CDs, unless there's some provision tucked away in a subsequent memo re writeables?) -- but that there remains some concern over even authorized thumb drives walking out the door and into, for instance, the bazaars of Bagram. Curious to hear if that meshes with what you were told today -- and if anyone you know has brought up the iPod/phone problem (since those devices can be used for storage, and can be attached to a computer). Was pondering all my USB-dependent devices as I set to writing this today, and frankly I'd find kicking the habit rather more than "challenging" -- good luck to all y'all with that.

Score: 0

IIRC CD-Burners were referred to as WORM drives in ye olden days ;)

WORM = write once read many..

Score: 0

It is currently for all "flash" based media that is used via USB. It has always been against the rules to hook up your own personal device. The DoD can confiscate anything that is hooked up to their network including your precious iPhone.

What I find ironic is that portable USB hard drives are not part of the ban. As far as the computer is concerned, flash drive and external hard drive are essentially the same thing.

Currently, we have switched to using CDRW media at the moment. It is a bit more of a hassle, but it allows us to get the work done.

Score: 0
