Entry: Agent.BTZ
Definition

  1. Technical description

  2. History

  3. Attribution

  4. References

This article is about the worm. For the Trojan infecting Windows and Android systems, see Agent.AWF.

Agent.BTZ, also named Autorun,[1][2] is a computer worm that infects USB flash drives with spyware. A variant of the SillyFDC worm,[3] it was used in a massive 2008 cyberattack on the US military.

Technical description

The Agent.BTZ worm is a DLL file written in 32-bit x86 assembly.[4] It spreads by creating an AUTORUN.INF file in the root of each drive, alongside the DLL file.[5] It has the ability "to scan computers for data, open backdoors, and send through those backdoors to a remote command and control server."[3]
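A defender's check for the spreading mechanism described above, as an added example that is not from the original article or from any vendor analysis: it parses an AUTORUN.INF found in a drive root and reports launch commands that reference a DLL. The file names and the rundll32 command line in the sample are constructed placeholders, not Agent.BTZ indicators.

```python
import re
import tempfile
from pathlib import Path

# Keys in the [autorun] section that name a command Windows may launch.
COMMAND_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
DLL_REF = re.compile(r"[^\s\",;]+\.dll\b", re.I)

def parse_autorun(text):
    """Return {key: value} for the [autorun] section (names are case-insensitive)."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def scan_drive_root(root):
    """Flag autorun commands in a drive root that reference a DLL."""
    root = Path(root)
    inf = next((p for p in root.iterdir() if p.name.lower() == "autorun.inf"), None)
    if inf is None:
        return []
    present = {p.name.lower() for p in root.iterdir() if p.is_file()}
    findings = []
    for key, value in parse_autorun(inf.read_text(errors="replace")).items():
        if not COMMAND_KEY.match(key):
            continue
        for ref in DLL_REF.findall(value):
            name = ref.replace("/", "\\").split("\\")[-1].lower()
            findings.append({"key": key, "dll": name, "on_drive": name in present})
    return findings

def demo():
    # Constructed sample: file names and contents are placeholders, not real indicators.
    with tempfile.TemporaryDirectory() as d:
        Path(d, "sample.dll").write_bytes(b"MZ")
        Path(d, "AUTORUN.INF").write_text(
            "[AutoRun]\r\n; constructed\r\nopen=rundll32.exe .\\sample.dll,Entry\r\n"
            "shell\\open\\command=rundll32.exe .\\sample.dll,Entry\r\nicon=folder.ico\r\n")
        return scan_drive_root(d)

if __name__ == "__main__":
    print(demo())
```

A finding with `on_drive` set to true means the referenced DLL sits in the same root as the AUTORUN.INF, which is the layout the paragraph describes.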

History

Main article: 2008 cyberattack on United States

In 2008, at a US military base in the Middle East, a USB flash drive infected with Agent.BTZ was inserted into a laptop attached to United States Central Command. From there it spread undetected to other systems, both classified and unclassified.[6] To try to stop the spread of the worm, the Pentagon banned USB drives and removable media devices. It also disabled the Windows autorun feature on its computers.[3] The Pentagon spent nearly 14 months cleaning the worm from military networks.[3]

Attribution

Russian hackers were thought to be behind the attack because they had used the same code that made up Agent.BTZ in previous attacks.[7] According to an article in The Economist, "it is not clear that agent.btz was designed specifically to target military networks, or indeed that it comes from either Russia or China."[8] An article in the Los Angeles Times reported that US defense officials described the malicious software as "apparently designed specifically to target military networks." It's "thought to be from inside Russia", although it was not clear "whether the destructive program was created by an individual hacker or whether the Russian government may have had some involvement."[9]

In 2010, American journalist Noah Shachtman wrote an article to investigate the theory that the worm was written by a single hacker.[3] Later analyses by Kaspersky Lab found relations to other spyware, including Red October, Turla, and Flame.[10]

In December 2016, the United States FBI and DHS issued a Joint Analysis Report which included attribution of Agent.BTZ to one or more "Russian civilian and military intelligence Services (RIS)."[11]

References

1. Shevchenko, Sergei (30 November 2008). "Agent.btz - A Threat That Hit Pentagon". ThreatExpert Blog. http://blog.threatexpert.com/2008/11/agentbtz-threat-that-hit-pentagon.html. Retrieved 14 December 2016.
2. "W32/Autorun.worm.dw - Malware" (21 November 2008). McAfee Labs Threat Center. http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=149448. Retrieved 14 December 2016.
3. Shachtman, Noah (25 August 2010). "Insiders Doubt 2008 Pentagon Hack Was Foreign Spy Attack". Wired. https://www.wired.com/2010/08/insiders-doubt-2008-pentagon-hack-was-foreign-spy-attack/. Retrieved 14 December 2016.
4. "Agent.BTZ - Virus Information". Panda Security. http://www.pandasecurity.com/usa/homeusers/security-info/114229/information/Agent.BTZ. Retrieved 14 December 2016.
5. "Worm:W32/Agent.BTZ Description". F-Secure Labs. https://www.f-secure.com/v-descs/worm_w32_agent_btz.shtml. Retrieved 14 December 2016.
6. William J. Lynn III. "Defending a New Domain". Foreign Affairs. http://www.foreignaffairs.com/articles/66552/william-j-lynn-iii/defending-a-new-domain. Retrieved 2010-08-25.
7. Leyden, John (20 November 2008). "US Army bans USB devices to contain worm". The Register. https://www.theregister.co.uk/2008/11/20/us_army_usb_ban/. Retrieved 14 December 2016.
8. "The worm turns" (4 December 2008). The Economist. http://www.economist.com/node/12725712. Retrieved 14 December 2016.
9. Barnes, Julian E. (28 November 2008). "Pentagon computer networks attacked". Los Angeles Times. http://articles.latimes.com/2008/nov/28/nation/na-cyberattack28. Retrieved 14 December 2016.
10. Gostev, Alexander (12 March 2014). "Agent.btz: a Source of Inspiration?". Securelist. https://securelist.com/blog/virus-watch/58551/agent-btz-a-source-of-inspiration/. Retrieved 14 December 2016.
11. "GRIZZLY STEPPE – Russian Malicious Cyber Activity". US CERT. https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf. Retrieved 2 March 2017.

Categories: Spyware, Malware, Computer worms

Beijing ICP Filing No. 2021023879. Updated: 2024/9/30 18:19:38