Feds on virus alert

greenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread

Feds on virus alert BY Dan Verton 05/04/2000 UPDATED 3:15 PM

At least eight government agencies and Congress today confirmed that a computer virus has infected hundreds of unclassified networks and has forced some organizations to temporarily shut down their systems.

The virus, known by the names "ILOVEYOU" or "love letter," hit agencies within the Defense Department, the Education Department, the National Institutes of Health, the Small Business Administration, the CIA, NASA, the Federal Emergency Management Agency, the State Department and Congress.

The virus is similar to the notorious Melissa virus that plagued networks last year. It arrives as an e-mail attachment and uses the recipients e-mail address book to send itself to potentially thousands of other systems.

Although the source of the virus remains a mystery, reports of network infections have come in from Hong Kong, the Philippines, Great Britain and Sweden. Sources said the virus hit at least 80 percent of Swedish systems and 30 percent of British systems, including the House of Commons.

As of 10 a.m. today, the Computer Emergency Response Team Coordination Center at Carnegie Mellon University reported an unusually high volume of incidents related to the virus. Jeff Carpenter, senior Internet security technologist for CERT, said many sites are experiencing significantly increased e-mail traffic as a result of the virus.

"We have received over 150 reports as of 10 a.m. today, which is higher than normal for an average virus," said Carpenter in a prepared statement. "Preliminary analysis indicates that it is similar to Melissa in that it is most frequently spread as an e-mail attachment, but in this case it is an executable program rather than a Microsoft Word document [as Melissa was.]"

When the executable attachment is run, it will, under certain conditions, send copies of itself to addresses in the users address book. The virus also can infect other files on the local disk drive and on network-mounted disk drives, Carpenter said.

Here is how some federal agencies have responded to the virus:

DOD: The department discovered the virus in many of its unclassified systems and has since placed a warning on its Computer Emergency and Response Team World Wide Web page instructing users not to open the e-mail, according to spokeswoman Sue Hansen. "Some units have taken their systems offline, but that was [supposed to be] a last resort," Hansen said.

SBA: The agency shut down all its databases and has posted warnings on every floor of its buildings as well as on its intranet. "Our biggest concern is this may go beyond e-mail systems and SBA, and other agencies are looking at the potential of losing some very important government information," an SBA spokesman said. "We are having to revert back to the age-old hard-copy directories for information," he said.

State: "Weve blocked the ability to send attachments on both our classified and unclassified systems at the firewalls," a State Department source said.

FEMA: Everyone at the agency received one or two messages with the virus, and some people opened the attachment, said Young Pak, a FEMA help-desk worker. "We still dont know the effects," he said. A patch was sent to stop the spread of the virus, but he said he wasnt sure that all agency workers rebooted their computers, which is necessary for the patch to work.

CIA: The agency "experienced a handful of isolated attacks or viruses on our unclassified systems, which were identified and quickly resolved with negligible effect," a spokeswoman said. The agency has since purged its systems of the e-mails and has posted warnings to all of its employees, the spokeswoman said. "At this point that seems adequate."

Army: Spokesmen said Army offices in the Pentagon experienced major e-mail disruptions, and some major commands, such as the Aviation-Missile Command, Redstone Arsenal, Ala., and the Tank-Automotive Command, Warren, Mich., took down their main servers to eliminate the virus.

Education: The department shut down its e-mail and Internet access from 9:30 a.m. to 2 p.m., spokesman Jim Bradshaw said. "We were moderately infected, with less than 100 computers infected," he said. Educations Washington, D.C., office has about 3,000 workstations, he said.

After the systems were shut down, the department began installing software to prevent the virus spread, he said. Bradshaw said the Pentagon notified the department 7:30 a.m., and "as a result we were able to take defensive measures immediately," he said.

 Natasha Haubold and Daniel Keegan contributed to this article.


-- Martin Thompson (mthom1927@aol.com), May 04, 2000

Moderation questions? read the FAQ