A reported ban by the U.S. Army on USB devices underscores the growing prevalence of USB-based malware. Researchers at Symantec say they have observed an increase in USB security threats going back at least a year.
Researchers at Symantec are noting an uptick in USB-based
malware as reports surface of a U.S. Army ban on USB
devices and portable media.
According to reports, the U.S. Army has banned the use of USB
sticks, flash media cards, CDs and other removable storage due to security
concerns and the proliferation of the Agent.btz worm, a variant of SillyFDC
that spreads by copying itself to thumb drives or other removable media.
Read more on the Wired report
News of the Army ban comes as attackers are increasingly turning to USB-based
malware. In Symantec's Global Internet Security Threat Report Vol. XIII
(PDF), the security
vendor noted that executable file sharing was the most common means of
malware propagation in the second half of 2007. This was done by viruses and
worms copying themselves to removable media, according to the report.
The trend has continued in October and November, with each of the five most
active pieces of malware that use the USB
attack vector increasing in prevalence. For example, VBS.Runatuo went from
roughly 2 percent of sampled malware on Oct. 1 to about four percent Nov.
"The jump in this particular type is mainly a result of malware authors
being opportunistic," said Marc Fossi, manager of development for Security
Technology and Response at Symantec.
"We've found in the past that as a
technology becomes more widespread and used by more users that malware authors
become more likely to take advantage of that technology."
There doesn't seem to be a particular group behind the increase, according
to Anthony Roe, threat analysis engineer on Symantec's Security Intelligence
Analysis Team. More likely, Roe said, it is a concept that has been
incorporated into more malicious code because of the growth in USB
use and the method's viability.
"We don't have any specific numbers on USB
device usage, but many people are using these devices to share large files that
would take too long to transfer over the network or are too large for
e-mail," Fossi said. "Also, in regions where Internet cafes and
booths are heavily used or more popular, users may store all their personal
documents on a thumb drive and plug it into the public terminal to upload or
download a file ... It's similar to the way many of the old floppy disk viruses
used to spread."
In a blog post, Symantec advised users to disable the
AutoRun functionality for removable media. In addition, businesses can set
policies that keep USB storage devices from being used, Symantec officials