Security experts Monday reported that the much-feared Blaster worm, which began spreading last week in anticipation of an attack on a Microsoft Web site this past weekend, failed to make much of a bang. The worm had been infecting machines using several popular versions of the Microsoft operating system. It instructed infected computers to attack a Microsoft Web site on Aug. 16 that contained a patch to fend off the worm.
But Microsoft appears to have dodged the bullet. Security engineers with Symantec reported the Aug. 16 attack "had no noticeable impact on systems" since Microsoft had taken down the targeted Web site (windowsupdate.com) days earlier. The company set up an alternate site at http://windowsupdate.microsoft.com, where customers could still download security fixes.
But don't breathe a sigh of relief just yet. Now, experts are warning of a Blaster hoax and a new worm that actually kicks Blaster off infected computers so it can commandeer the machine.
Some users are receiving e-mails purporting to contain the Microsoft patch to stop Blaster. However, the message really holds another security threat, called a Trojan, that goes by the name Graybird-A. As a rule, Microsoft doesn't issue patches by e-mail, so the company is warning users to be suspicious.
And another worm that actually appears to behave benevolently is now making its rounds. Known as Welchia, it deletes the poisonous file dropped in by Blaster and then tries to get the machine to download the security patch. If it downloads successfully, the worm will tell the computer to reboot, so that the patch can take effect.
Welchia may look like a good worm, but security expert Ken Dunham with iDEFENSE Inc. of Reston, Va., believes it could be an attempt by nefarious computer hackers to keep their competition from taking over more machines. Attackers target easily exploitable computers, like those with the Microsoft vulnerability that lets in Blaster, Dunham says. Then "they own that [computer] entirely…and do as they like."
Blaster may have infected several hundred thousand computers since it was first noticed a week ago, according to some estimates. Its apparent goal was to bombard the Microsoft patch site with immense amounts of electronic traffic, making it difficult for users or security administrators to get to the site.
Picking Sides
The competition is firming up for the Homeland Security Department's US VISIT contract, the mammoth entry-exit tracking system to be deployed at all U.S. ports of entry. An executive with technology titan Lockheed Martin, one of the largest federal contractors, announced last week the company would lead a bidding team consisting of some of the market's best-known names.
Dick Fogel, Lockheed's "capture executive" for VISIT charged with securing the contract, sought to position the team as the leading contender in a small field of contenders, which include Computer Sciences Corp., Northrop Grumman and AT&T. The Lockheed team consists mainly of "first tier" companies, but "nice players" will have a role, too, Fogel said in a conference call with reporters last week.
Fogel said each of the players brings something unique to the team:
- Consulting firm Booz Allen Hamilton will focus on business-related areas such as process reengineering and the nebulous task of "change management." In this case, that means getting a befuddled collection of procedures from immigration and customs agencies to work together.
- Harris Corp. will bring communications expertise. Fogel said that, based on his conversations with Homeland Security, he's not sure which communications systems from the department's component agencies will be included in VISIT.
- Technology mainstay IBM will provide infrastructure development and expertise using Web-based applications.
- Vienna, Va.-based Management Systems Designers, one small company in the group, has a background in biometrics for use in law enforcement. The firm will help Lockheed develop systems that interface with older ones still housed in the Homeland Security agencies.
- Defense and intelligence contractor SAIC will bring "enterprise architecture credentials" to the group, Fogel said. The company is engaged in work now with Homeland Security concerning the ongoing writing of the department's architecture, or IT systems blueprint. SAIC also worked with Lockheed in the past on Immigration and Naturalization Service programs.
- Unisys contributes experience developing biometrics and enterprise architecture for the Transportation Security Administration. The company manages all IT systems and communications work for that agency.
- SI International rounds out the team, bringing what Fogel called "very deep experience" with the State Department and consular affairs.
Just what role State will play in the VISIT system is a big unanswered question. Consular offices overseas, which issue visas, will have to tap into the VISIT network, which will be based primarily in the United States. How that will be done, and how State will work out policies and procedures with Homeland Security, remains to be seen. But the answer is critically important to VISIT's success, technology executives say.
The VISIT contract won't be awarded until next year. In the meantime, Homeland Security plans to use existing border control and identification systems in a piecemeal fashion to have some entry-exit capabilities at the nation's 50 largest airports by year's end.
Fogel said officials plan to use two fingerprint databases (one managed by the FBI, the other formerly held by INS) to scan foreign visitors. As of now, those systems are only used in the "secondary" stations at ports of entry, where some individuals undergo closer inspection. Homeland Security's idea, Fogel said, is to expand the fingerprint system out of secondary screening for use on all foreigners who fall under VISIT's jurisdiction.
Lockheed already has been integrating the two fingerprint systems under a separate contract.