Cyber alert system debuts as super worm spreads

The Homeland Security Department on Wednesday unveiled a cyber alert system that will send e-mail warnings of computer worms, viruses and other Internet-based threats to citizens, businesses and government agencies.

The e-mails target home users and other people not familiar with the technical jargon that often accompanies private sector warnings. Individuals, businesses and government agencies also use those alerts to keep tabs on Internet threats and to get advice on how to mitigate their damaging effects.

The launch of the National Cyber Alert System came as a virulent new worm spread rapidly across the Internet through e-mails, infecting hundreds of thousands of computers.

Security experts discovered the worm, called Mydoom, on Monday as it arrived in computer users' e-mail boxes. An infected message, often with the subject line "hi" or "test," contains an attachment that, when opened, allows the worm's controller to commandeer the infected machine. The controller can then command the machine, called a zombie, to bombard Web sites with electronic messages. The massive flow, known as a denial of service attack, can cause a Web site to shut down.

On Wednesday afternoon, new versions of the Mydoom worm appeared. Experts believe it is more powerful than the first. The worm is designed to launch an attack on Microsoft Corp.'s Web site in February.

Mydoom also blocks infected users' access to 65 other Web sites, most of which are run by anti-virus companies, said Ken Dunham, a virus analyst with iDefense Inc. This prevents users from accessing Web sites where they could download digital remedies to disinfect or protect their computers, he said.

Other experts tracking the worm, which also goes by the names Novarg and Shimgapi, said data indicates attackers are commandeering zombies for Web attacks and to launch more worm-carrying e-mails. Some reports said as many as 500,000 computers had been infected.

Dunham said his lab noticed that other computer attackers were trying to commandeer machines already infected by Mydoom. But on Wednesday, the original author began uploading command files into infected machines that would effectively lock out all other attackers, because only the author would know how to access those files. In effect, the attacker has put a lock on some computers, and he has the only key.

The Mydoom worm sends itself using an unsuspecting user's e-mail address, a technique called spoofing. This doesn't mean the user is infected, but it could be a sign that the worm bit someone who has the spoofed user's address in his contacts file.

Mydoom also has arrived as a message masquerading as a security warning. The message urges users to open attachments with important information about the infection, a strategy that experts said shows virus and worm writers continue to use psychological trickery to get users to infect their machines.

The rapid rise and spread of Mydoom provided an ironic backdrop to Homeland Security's announcement of the new security alert system. Amit Yoran, the director of the department's national cybersecurity division, said the government's system was not intended to compete with existing alert plans run by private sector security companies and other experts.

Yoran said his division would stay apprised of Mydoom's developments to assess its impact on national infrastructures and businesses. He said the center would follow a similar strategy during future virus and worm outbreaks. The United States Computer Emergency Readiness Team (US-CERT), a consortium of government agencies and private sector and academic members, will manage the operations of the alert center, according to Homeland Security.

Users can sign up for e-mail alerts at By mid-afternoon Wednesday, the Web site had posted no warnings or information about Mydoom.

Meanwhile, Mydoom showed no signs of relenting. According to virus tracker mi2G Intelligence Unit in London, the worm had spread to more than 170 countries in less than 48 hours. The company also estimated that loss of business, bandwidth clogging and productivity declines caused by dealing with the worm had caused $3 billion of "economic damage."

SCO Group Inc., a Utah company that has been embroiled in legal tussles with Linux, the major purveyor of open source software, offered a $250,000 reward for information leading to the apprehension and conviction of the Mydoom author or authors. The company's Web site has been attacked numerous times in the past 10 months, according to CEO Darl McBride. Mydoom reportedly targets SCO's Web site for a denial of service attack in February.

