Agency computers nailed by new virus

Computers at federal offices around the country were tied up Monday by a new computer virus transmitted through e-mail systems.

At a Monday afternoon briefing at FBI headquarters in Washington, Michael Vatis, the head of the National Infrastructure Protection Center, said that so far denial of service (users being unable to get into their e-mail systems because of excessive traffic caused by the virus) has been the greatest threat of the Melissa Macro Virus.

Although Vatis refused to specify how widespread the damage was, he said many government agencies and businesses have been affected.

"This has propagated extremely quickly," Vatis said. "Once a user is infected, you get into a cascading effect of many thousands."

Gary McGraw, a computer expert with RST in Reston, Va., said the new virus "is spreading faster than any virus ever before." Defense and Energy Department computers have been badly hit by the virus, McGraw said.

"The movement of the DoD to use commercial off-the-shelf software just places them in the same field as everyone else," said McGraw. "This just points out the risk we have because we have so much common infrastructure."

The Energy Department's Computer Incident Advisory Capability Web site reported that "this virus is spreading widely within and without of the DOE complex." The site also explains how to combat the virus.

The virus is spread as a Microsoft Word document attached to an e-mail message, with "Important Message From" in the subject line. Only users of Microsoft's Outlook and Outlook Express e-mail programs have been infected so far, experts said.

The virus reproduces itself, growing exponentially. When it is opened, it sends a message with a copy of itself attached to the first 50 e-mail addresses in the affected user's e-mail address book.

Computer viruses have existed for years and are regularly tracked by a group of software experts at the Computer Emergency Response Team at Carnegie Mellon University. But the Melissa virus, which first appeared late last week, has unleashed the first virus warning from the FBI's National Infrastructure Protection Center.

The FBI's Vatis said the agency would launch an investigation into how the virus was created and propagated. "The transmission of a virus can be a criminal matter, and the FBI is investigating," he said.

A Department of Justice spokesman said that Section 1030 of Title 18 of the Computer Security Act of 1987 makes it illegal to "knowingly cause transmission of a program, information, code, or command, and as result of such conduct, intentionally cause damage without authorization to a protected computer."

If there was a loss of more than $5,000, such a crime is a felony punishable by up to ten years in jail and $250,000 fine.

"E-mail users have the ability to significantly change the outcome of this incident," said Vatis. "I urge e-mail users to exercise caution when reading their e-mail for the next few days and to bring unusual messages to the attention of their system administrator."

Computer security experts said that the bug had its origin when certain users viewed messages posted on the Usenet newsgroup.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Sponsored by G Suite

    Cross-Agency Teamwork, Anytime and Anywhere

    Dan McCrae, director of IT service delivery division, National Oceanic and Atmospheric Administration (NOAA)

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.