January 03, 2009 | At the Breach | Comments 0

Worm Spreading via Mobile Device

The US DOD is having issues with the Agent.btz worm.

http://blog.wired.com/defense/2008/11/army-bans-usb-d.html

The problem has gotten so bad that they have banned the use of all portable media while they get a handle on the situation. The malware infecting the computers is called Agent.btz, a variant of the SillyFDC worm. It spreads by copying itself onto USB drives and other removable data storage devices, then infecting the next device those drives are attached to. Thumb drives, iPods, phones, CDs, portable HDs, etc. are commonly used in all organizations. The kicker here is that most system AV and spyware protection programs have had defenses built in for this malware for about 5 months. It begs the question: what is the DOD using to defend their individual systems? Endpoints are the focus of the majority of attacks these days. As a result, we have to do much more than we are doing today. Sure, AV will work to protect some things (as long as it is up to date, unlike the DOD), but there are many types of attacks that AV will not detect or stop. I am a big proponent of patch management (on all OSes and all apps, not just Microsoft), host-based intrusion detection and prevention, policy scanning, log management and monitoring (SIEM), and of course remote data backup and recovery when all else fails.
