Cyber alert system debuts as super worm spreads

The Homeland Security Department on Wednesday unveiled a cyber alert system that will send e-mail warnings of computer worms, viruses and other Internet-based threats to citizens, businesses and government agencies.

The e-mails target home users and other people not familiar with the technical jargon that often accompanies private sector warnings. Individuals, businesses and government agencies also use those alerts to keep tabs on Internet threats and to get advice on how to mitigate their damaging effects.

The launch of the National Cyber Alert System came as a virulent new worm spread rapidly across the Internet through e-mails, infecting hundreds of thousands of computers.

Security experts discovered the worm, called Mydoom, on Monday as it arrived in computer users' e-mail boxes. An infected message, often with the subject line "hi" or "test," contains an attachment that, when opened, allows the worm's controller to commandeer the infected machine. The controller can then command the machine, called a zombie, to bombard Web sites with electronic messages. The massive flow, known as a denial of service attack, can cause a Web site to shut down.

On Wednesday afternoon, new versions of the Mydoom worm appeared. Experts believe it is more powerful than the first. The worm is designed to launch an attack on Microsoft Corp.'s Web site in February.

Mydoom also blocks infected users' access to 65 other Web sites, most of which are run by anti-virus companies, said Ken Dunham, a virus analyst with iDefense Inc. This prevents users from accessing Web sites where they could download digital remedies to disinfect or protect their computers, he said.

Other experts tracking the worm, which also goes by the names Novarg and Shimgapi, said data indicates attackers are commandeering zombies for Web attacks and to launch more worm-carrying e-mails. Some reports said as many as 500,000 computers had been infected.

Dunham said his lab noticed that other computer attackers were trying to commandeer machines already infected by Mydoom. But on Wednesday, the original author began uploading command files into infected machines that would effectively lock out all other attackers, because only the author would know how to access those files. In effect, the attacker has put a lock on some computers, and he has the only key.

The Mydoom worm sends itself using an unsuspecting user's e-mail address, a technique called spoofing. This doesn't mean the user is infected, but it could be a sign that the worm bit someone who has the spoofed user's address in his contacts file.

Mydoom also has arrived as a message masquerading as a security warning. The message urges users to open attachments with important information about the infection, a strategy that experts said shows virus and worm writers continue to use psychological trickery to get users to infect their machines.

The rapid rise and spread of Mydoom provided an ironic backdrop to Homeland Security's announcement of the new security alert system. Amit Yoran, the director of the department's national cybersecurity division, said the government's system was not intended to compete with existing alert plans run by private sector security companies and other experts.

Yoran said his division would stay apprised of Mydoom's developments to assess its impact on national infrastructures and businesses. He said the center would follow a similar strategy during future virus and worm outbreaks. The United States Computer Emergency Readiness Team (US-CERT), a consortium of government agencies and private sector and academic members, will manage the operations of the alert center, according to Homeland Security.

Users can sign up for e-mail alerts at By mid-afternoon Wednesday, the Web site had posted no warnings or information about Mydoom.

Meanwhile, Mydoom showed no signs of relenting. According to virus tracker mi2G Intelligence Unit in London, the worm had spread to more than 170 countries in less than 48 hours. The company also estimated that loss of business, bandwidth clogging and productivity declines caused by dealing with the worm had caused $3 billion of "economic damage."

SCO Group Inc., a Utah company that has been embroiled in legal tussles with Linux, the major purveyor of open source software, offered a $250,000 reward for information leading to the apprehension and conviction of the Mydoom author or authors. The company's Web site has been attacked numerous times in the past 10 months, according to CEO Darl McBride. Mydoom reportedly targets SCO's Web site for a denial of service attack in February.

