October 07, 2011, 4:09 PM — You may be used to the idea that viruses can be written for anything with a microprocessor, and that if one device or set of technologies becomes particularly hot, virus writers will flock to it just like anyone else would: to be close to the coolest technology, and maybe to do more damage because early adopters might be taking fewer precautions than they would if the malware were thicker.
Nevertheless, there will always be some devices you absolutely don't want infected by malware under any circumstances. Big database servers. Authentication databases. Security certificate providers (RSA).
You probably don't want to allow any system with the word Hellfire anywhere in its component list to be infected by something that could give someone else control of it while you're trying to zero the cameras in on the movements of Al Qaeda's new No. 2 (No. 2 is always new for the same reason red shirts were always unknowns in Star Trek), or snapping long-range pictures of Osama's secret compound and porn stash.
According to Wired, however, keyloggers did indeed sneak into the onboard operational systems of Air Force Predator and Reaper drones, recording every move and command the remote pilots made as they crisscrossed war zones in Afghanistan and Pakistan.
Air Force maintenance techs spotted the infection using the DoD's Host Based Security System, a large-scale network of antivirus and counter-intrusion software that sits on every server, desktop and laptop in the DoD.
The client versions add stronger firewall and intrusion prevention to their existing security and report back to central databases that both watch anti-virus update lists for signatures of new threats and filter possible infections HBSS finds in the field.
Air Force techs used HBSS and other antivirus tools to clean it from the drones' systems, but it keeps coming back, according to one anonymous source quoted by Wired.
"We think it's benign. But we just don't know."
No one seems to know where it came from or what, specifically, it's up to. The keylogger component of it might be recording all the codes and control commands coming from operators at Creech Air Force Base in Nevada, who fly the drones remotely (very remotely) over central Asia.
The same virus has shown up on classified and unclassified computers at Creech, but so far it hasn't made too much demonstrable progress.
The Air Force flies more than 150 drones over Afghanistan, while the CIA flies about 30 that have hit targets in Afghanistan. Between them, according to Wired, the drones have killed more than 2,000 people suspected of being militants and civilians accompanying them.