Cyber alert system debuts as super worm spreads

The Homeland Security Department on Wednesday unveiled a cyber alert system that will send e-mail warnings of computer worms, viruses and other Internet-based threats to citizens, businesses and government agencies.

The e-mails target home users and other people not familiar with the technical jargon that often accompanies private sector warnings. Individuals, businesses and government agencies also use those alerts to keep tabs on Internet threats and to get advice on how to mitigate their damaging effects.

The launch of the National Cyber Alert System came as a virulent new worm spread rapidly across the Internet through e-mails, infecting hundreds of thousands of computers.

Security experts discovered the worm, called Mydoom, on Monday as it arrived in computer users' e-mail boxes. An infected message, often with the subject line "hi" or "test," contains an attachment that, when opened, allows the worm's controller to commandeer the infected machine. The controller can then command the machine, called a zombie, to bombard Web sites with electronic messages. The massive flow, known as a denial of service attack, can cause a Web site to shut down.

On Wednesday afternoon, new versions of the Mydoom worm appeared. Experts believe it is more powerful than the first. The worm is designed to launch an attack on Microsoft Corp.'s Web site in February.

Mydoom also blocks infected users' access to 65 other Web sites, most of which are run by anti-virus companies, said Ken Dunham, a virus analyst with iDefense Inc. This prevents users from accessing Web sites where they could download digital remedies to disinfect or protect their computers, he said.

Other experts tracking the worm, which also goes by the names Novarg and Shimgapi, said data indicates attackers are commandeering zombies for Web attacks and to launch more worm-carrying e-mails. Some reports said as many as 500,000 computers had been infected.

Dunham said his lab noticed that other computer attackers were trying to commandeer machines already infected by Mydoom. But on Wednesday, the original author began uploading command files into infected machines that would effectively lock out all other attackers, because only the author would know how to access those files. In effect, the attacker has put a lock on some computers, and he has the only key.

The Mydoom worm sends itself using an unsuspecting user's e-mail address, a technique called spoofing. This doesn't mean the user is infected, but it could be a sign that the worm bit someone who has the spoofed user's address in his contacts file.

Mydoom also has arrived as a message masquerading as a security warning. The message urges users to open attachments with important information about the infection, a strategy that experts said shows virus and worm writers continue to use psychological trickery to get users to infect their machines.

The rapid rise and spread of Mydoom provided an ironic backdrop to Homeland Security's announcement of the new security alert system. Amit Yoran, the director of the department's national cybersecurity division, said the government's system was not intended to compete with existing alert plans run by private sector security companies and other experts.

Yoran said his division would stay apprised of Mydoom's developments to assess its impact on national infrastructures and businesses. He said the center would follow a similar strategy during future virus and worm outbreaks. The United States Computer Emergency Readiness Team (US-CERT), a consortium of government agencies and private sector and academic members, will manage the operations of the alert center, according to Homeland Security.

Users can sign up for e-mail alerts at By mid-afternoon Wednesday, the Web site had posted no warnings or information about Mydoom.

Meanwhile, Mydoom showed no signs of relenting. According to virus tracker mi2G Intelligence Unit in London, the worm had spread to more than 170 countries in less than 48 hours. The company also estimated that loss of business, bandwidth clogging and productivity declines caused by dealing with the worm had caused $3 billion of "economic damage."

SCO Group Inc., a Utah company that has been embroiled in legal tussles with Linux, the major purveyor of open source software, offered a $250,000 reward for information leading to the apprehension and conviction of the Mydoom author or authors. The company's Web site has been attacked numerous times in the past 10 months, according to CEO Darl McBride. Mydoom reportedly targets SCO's Web site for a denial of service attack in February.

