Monday, November 24, 2008

More Details on the US Military USB Virus Threat

For a little bit of background, check this blog entry from Nov 21st, 2008.

According to Wired (Nov 19th)....

The problem, according to a second Army e-mail, was prompted by a "virus called Agent.btz." That's a variation of the "SillyFDC" worm, which spreads by copying itself to thumb drives and the like.

According to Sophos, the version of Agent.BTZ detected in 2007 does not infect other filesystems (which would include USB drives), so the version detected by the military might be a new or customized version.

While keeping track of virus names can be very difficult (as different companies use different names for the same piece of malware), Kaspersky Labs seems to think that Agent.BTZ might have originally come out of China.

In my mind, we are looking at one of two scenarios....

  1. An employee (or consultant/contractor) became infected outside the military network and the malware was accidentally passed into the military network by laptop or removable drive. This would mean it wasn't a direct attack using customized malware against the military network. The question of why anti-virus did not catch the bug quickly would remain open.
  2. A group created a customized piece of malware (making it undetectable) and targeted the military network. The purpose might be to steal files and pull data out of the network, just like the attacks that have been made public in recent years.

But I am only taking an educated guess.....we may never know....
