Agency computers nailed by new virus

Computers at federal offices around the country were tied up Monday by a new computer virus transmitted through e-mail systems.

At a Monday afternoon briefing at FBI headquarters in Washington, Michael Vatis, the head of the National Infrastructure Protection Center, said that so far denial of service (users being unable to get into their e-mail systems because of excessive traffic caused by the virus) has been the greatest threat of the Melissa Macro Virus.

Although Vatis refused to specify how widespread the damage was, he said many government agencies and businesses have been affected.

"This has propagated extremely quickly," Vatis said. "Once a user is infected, you get into a cascading effect of many thousands."

Gary McGraw, a computer expert with RST in Reston, Va., said the new virus "is spreading faster than any virus ever before." Defense and Energy Department computers have been badly hit by the virus, McGraw said.

"The movement of the DoD to use commercial off-the-shelf software just places them in the same field as everyone else," said McGraw. "This just points out the risk we have because we have so much common infrastructure."

The Energy Department's Computer Incident Advisory Capability Web site reported that "this virus is spreading widely within and without of the DOE complex." The site also explains how to combat the virus.

The virus is spread as a Microsoft Word document attached to an e-mail message, with "Important Message From" in the subject line. Only users of Microsoft's Outlook and Outlook Express e-mail programs have been infected so far, experts said.

The virus reproduces itself, growing exponentially. When it is opened, it sends a message with a copy of itself attached to the first 50 e-mail addresses in the affected user's e-mail address book.

Computer viruses have existed for years and are regularly tracked by a group of software experts at the Computer Emergency Response Team at Carnegie Mellon University. But the Melissa virus, which first appeared late last week, has unleashed the first virus warning from the FBI's National Infrastructure Protection Center.

The FBI's Vatis said the agency would launch an investigation into how the virus was created and propagated. "The transmission of a virus can be a criminal matter, and the FBI is investigating," he said.

A Department of Justice spokesman said that Section 1030 of Title 18 of the Computer Security Act of 1987 makes it illegal to "knowingly cause transmission of a program, information, code, or command, and as result of such conduct, intentionally cause damage without authorization to a protected computer."

If there was a loss of more than $5,000, such a crime is a felony punishable by up to ten years in jail and $250,000 fine.

"E-mail users have the ability to significantly change the outcome of this incident," said Vatis. "I urge e-mail users to exercise caution when reading their e-mail for the next few days and to bring unusual messages to the attention of their system administrator."

Computer security experts said that the bug had its origin when certain users viewed messages posted on the alt.sex Usenet newsgroup.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
FROM OUR SPONSORS
JOIN THE DISCUSSION
Close [ x ] More from GovExec
 
 

Thank you for subscribing to newsletters from GovExec.com.
We think these reports might interest you:

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

    Download
  • Cyber Risk Report: Cybercrime Trends from 2016

    In our first half 2016 cyber trends report, SurfWatch Labs threat intelligence analysts noted one key theme – the interconnected nature of cybercrime – and the second half of the year saw organizations continuing to struggle with that reality. The number of potential cyber threats, the pool of already compromised information, and the ease of finding increasingly sophisticated cybercriminal tools continued to snowball throughout the year.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • GBC Issue Brief: The Future of 9-1-1

    A Look Into the Next Generation of Emergency Services

    Download
  • GBC Survey Report: Securing the Perimeters

    A candid survey on cybersecurity in state and local governments

    Download
  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

    Download
  • eBook: State & Local Cybersecurity

    CenturyLink is committed to helping state and local governments meet their cybersecurity challenges. Towards that end, CenturyLink commissioned a study from the Government Business Council that looked at the perceptions, attitudes and experiences of state and local leaders around the cybersecurity issue. The results were surprising in a number of ways. Learn more about their findings and the ways in which state and local governments can combat cybersecurity threats with this eBook.

    Download

When you download a report, your information may be shared with the underwriters of that document.