Symantec Sees Rise in USB-Based Malware as Reports of U.S. Army Ban Surface

A reported ban by the U.S. Army on USB devices underscores the growing prevalence of USB-based malware. Researchers at Symantec say they have observed an increase in USB security threats going back at least a year.

Researchers at Symantec are noting an uptick in USB-based malware as reports surface of a U.S. Army ban on USB devices and portable media.

According to reports on Wired, the U.S. Army has banned the use of USB sticks, flash media cards, CDs and other removable storage due to security concerns and the proliferation of the Agent.btz worm, a variant of SillyFDC that spreads by copying itself to thumb drives or other removable media.


News of the Army ban comes as attackers are increasingly turning to USB-based malware. In Symantec's Global Internet Security Threat Report Vol. XIII (PDF), the security vendor noted that executable file sharing was the most common means of malware propagation in the second half of 2007. This was done by viruses and worms copying themselves to removable media, according to the report.

The trend has continued in October and November, with each of the five most active pieces of malware that use the USB attack vector increasing in prevalence. For example, VBS.Runatuo went from roughly 2 percent of sampled malware on Oct. 1 to about 4 percent on Nov. 12.

"The jump in this particular type is mainly a result of malware authors being opportunistic," said Marc Fossi, manager of development for Security Technology and Response at Symantec. "We've found in the past that as a technology becomes more widespread and used by more users that malware authors become more likely to take advantage of that technology."

There doesn't seem to be a particular group behind the increase, according to Anthony Roe, threat analysis engineer on Symantec's Security Intelligence Analysis Team. More likely, Roe said, it is a concept that has been incorporated into more malicious code because of the growth in USB use and the method's viability.

"We don't have any specific numbers on USB device usage, but many people are using these devices to share large files that would take too long to transfer over the network or are too large for e-mail," Fossi said. "Also, in regions where Internet cafes and booths are heavily used or more popular, users may store all their personal documents on a thumb drive and plug it into the public terminal to upload or download a file ... It's similar to the way many of the old floppy disk viruses used to spread."

In a blog post, Symantec advised users to disable the AutoRun functionality for removable media. In addition, businesses can set policies that keep USB storage devices from being used, Symantec officials said.
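
One way to check and enforce the AutoRun advice on a Windows host, as an added example that is not from the article or from Symantec. It assumes the standard `NoDriveTypeAutoRun` policy value is stored as a DWORD; the function names are hypothetical.

```powershell
# Added example: audit (and optionally harden) the AutoRun policy on a Windows host.
# NoDriveTypeAutoRun is a bitmask; a set bit DISABLES AutoRun for that drive type.
$DriveTypeBits = [ordered]@{
    'Unknown'   = 0x01
    'NoRootDir' = 0x02
    'Removable' = 0x04   # USB sticks, flash media cards
    'Fixed'     = 0x08
    'Network'   = 0x10
    'CDROM'     = 0x20
    'RAMDisk'   = 0x40
    'Reserved'  = 0x80
}
$SubKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Get-AutoRunPolicy {
    # The machine-wide value wins when present; otherwise the per-user value applies.
    foreach ($hive in 'HKLM', 'HKCU') {
        $item = Get-ItemProperty -Path "${hive}:\$SubKey" -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Hive = $hive; Mask = [int]$item.NoDriveTypeAutoRun }
        }
    }
    return $null   # value absent in both hives: the OS default applies
}

function Get-AutoRunEnabledTypes([int]$Mask) {
    # Drive types whose bit is clear still have AutoRun enabled.
    $DriveTypeBits.GetEnumerator() | Where-Object { -not ($Mask -band $_.Value) } | ForEach-Object { $_.Key }
}

function Set-AutoRunDisabledAll {
    # Requires elevation. 0xFF sets every bit, disabling AutoRun for all drive types.
    $path = "HKLM:\$SubKey"
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    New-ItemProperty -Path $path -Name NoDriveTypeAutoRun -PropertyType DWord -Value 0xFF -Force | Out-Null
}

$policy = Get-AutoRunPolicy
if ($null -eq $policy) {
    Write-Output 'NoDriveTypeAutoRun is not set; the OS default applies.'
} else {
    $enabled = @(Get-AutoRunEnabledTypes $policy.Mask)
    '{0} mask 0x{1:X2}; AutoRun still enabled for: {2}' -f $policy.Hive, $policy.Mask, ($enabled -join ', ')
    if ($enabled -contains 'Removable') { Write-Warning 'AutoRun is enabled for removable media.' }
}
# Set-AutoRunDisabledAll   # uncomment to enforce on this host
```

In a managed environment the same value is normally pushed through Group Policy rather than set host by host.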