Record Computer Infections Slow U.S., Private Work

[InfoSec News <isn () c4i org>]

http://www.washingtonpost.com/wp-dyn/articles/A28770-2003Aug21.html

By Charles Duhigg
Washington Post Staff Writer
Friday, August 22, 2003; Page E01 

Federal agencies reported sluggish or stalled computer systems
yesterday and record levels of e-mail interceptions as the spread of
viruses that have tangled Internet traffic in the past 10 days slowed
somewhat but remained at record levels.

An official at the Department of Homeland Security noted that some
agencies were unprepared for the digital infections, in spite of
warnings issued by Microsoft Corp. and the department itself last
month.

Federal "agencies and commercial organizations have dropped the ball
and they're suffering the consequences," said Sallie McDonald, a
senior executive with the national cybersecurity division at the
Department of Homeland Security.

Computer viruses have spread at an unprecedented rate in the past 10
days, moving faster and more aggressively than in any other period and
infecting at least 1 million residential, business and government
computers worldwide. Microsoft, whose dominant Windows operating
system is the target of the malevolent codes, said yesterday that it
discovered two new "critical" security flaws in its Internet Explorer
Web browser. This generation of worms has done no irreversible damage,
other than slowing communication, overstuffing e-mail inboxes and
cutting into productivity, but computer experts worry that will not be
the case next time.

Internal computer systems at the Small Business Administration were
down for two to three hours yesterday after agency computers were
infected by the Welchia virus, said Stephen Galvan, the agency's chief
information officer. Officials there decided to shut down the system
to immediately install patches to stop the virus. Exterior systems,
such as the SBA's Web site, do not use the Microsoft Windows operating
system and were unaffected by the worm.

Virus-defense systems at the Department of Commerce have been
intercepting record numbers of infected e-mails, according to Tom
Pyke, chief information officer for the agency. Pyke said that 40,000
messages infected with the Sobig.F worm had been intercepted before
infecting Commerce computers yesterday and that the agency continues
to quarantine 500 to 750 e-mails per hour.

A spokesman for the Federal Communications Commission reported
individual computer outages related to the worm and some slowing of
system-wide operations during the day.

Meanwhile, computer security companies report a slight decrease in the
spread of the Blaster, Welchia and Sobig.F worms. MessageLabs, an
e-mail security company serving corporations, reported finding Sobig.F
in one in every 28 e-mails intercepted by the company yesterday, down
from a high of one in every 17 on Tuesday. The decrease is consistent
with previous worm patterns, where overall occurrence drops by 50
percent every 24 hours, said Brian Czarny, director of marketing for
MessageLabs.

"Even with a 50 percent drop-off, we're still seeing phenomenal
numbers," Czarny said. "This virus is going to be out there for a
while."

Representatives of computer security company Symantec reported that
the worms appear to be tapering off slightly, but not significantly
decreasing.

Homeland Security's McDonald said the week's events come as a wake-up
call for government agencies.

"These viruses could have been destroying files," she said. "An
announcement went out from Microsoft and Homeland Security in July
about this vulnerability, and here we are seven weeks later and people
are still being hit with it. Those patches could have been installed
last month before these attacks began."

Organizations with sensitive data frequently back up their records to
avoid potential losses, McDonald said, but but those who don't are at
risk of permanently losing records. Many experienced decreases in
productivity today when systems were slowed by attacks or brought off
line around midday so that patches could be installed.

"Legislation is already in effect placing security regulations on the
health industry and financial industries," McDonald said. "If
industries and agencies don't start regulating themselves, Congress
may put in legislative requirements."

Security experts noted that these worms should also serve as warnings
to the public.

"How many corporations have your name and credit card information?"  
Fred B. Schneider, director of the Information Assurance Institute at
Cornell University, said in an interview earlier this week. "There is
sensitive data in cyberspace. What we're seeing right now could just
as easily be taking that information and sending it to criminals."

Brian Krebs of washingtonpost.com contributed to this report.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.