14 DAY TRIAL // Unsuccessful in stopping the rapid spread of a variant of the SillyFDC worm, the Commander of the U.S. Strategic Command has resorted to unprecedented measures, and signed an order that prohibited the use of all flash memory cards, optical disks, thumb drives, and any other removable storage devices on both the army's classified and unclassified networks, effective immediately.
SillyFDC is a computer worm capable of propagating itself via removable USB devices and other storage media like CDs, DVDs etc. Once such compromised device is connected to a computer, the worm will proceed to infecting the operating system, and it will copy itself to other clean similar devices to be used in the future on the machine. The worm is also able to download other malware from the Internet onto the infected systems.
This threat poses a serious issue to the Army, where removable media is actively used for sharing sensitive data, instead of being sent over networks that could be compromised. In addition, connecting to the Internet, while on field for various missions, is not always an option. According to Wired, an e-mail from a Michigan Army National Guardsman, outlined the severity of the situation. "This has been briefed to the CoS of the ARMY. This is not just a problem for Michigan, and is affecting operations around the world. This is a very serious threat and should be treated as such," reads the e-mail.
This is just a temporary suspension, and the Army plans to introduce government-authorized devices back, based on priorities and in a controlled fashion, but personally-owned devices are likely to remain banned. In order to make sure that the military personnel and troops conform themselves to the new situation, the IT security teams will run scans on both the NIPRNET (unclassified) and SIPRNET (secret) networks, to detect malware and such devices. "Any discovery of malware will result in the opening of a security incident report, and will be referred to the appropriate security officer for action," notes an internal e-mail.
“Any storage device, which is attached to a computer, should be checked for virus and other malware before use. I would recommend that computer users disable the autorun facility of Windows, so removable devices such as USB keys and CD ROMs do not automatically launch when they are attached to a PC,” says Graham Cluley, senior technology consultant at Sophos. As history shows, such devices are not only responsible for propagating malware on networks, but are also a vital factor in many security breach incidents that resulted in data loss. Because of this, the use of personally-owned and uncontrolled storage devices by employees, on the internal network, should be prohibited in any organization, governmental or otherwise.