Agency computers nailed by new virus

Computers at federal offices around the country were tied up Monday by a new computer virus transmitted through e-mail systems.

At a Monday afternoon briefing at FBI headquarters in Washington, Michael Vatis, the head of the National Infrastructure Protection Center, said that so far denial of service (users being unable to get into their e-mail systems because of excessive traffic caused by the virus) has been the greatest threat of the Melissa Macro Virus.

Although Vatis refused to specify how widespread the damage was, he said many government agencies and businesses have been affected.

"This has propagated extremely quickly," Vatis said. "Once a user is infected, you get into a cascading effect of many thousands."

Gary McGraw, a computer expert with RST in Reston, Va., said the new virus "is spreading faster than any virus ever before." Defense and Energy Department computers have been badly hit by the virus, McGraw said.

"The movement of the DoD to use commercial off-the-shelf software just places them in the same field as everyone else," said McGraw. "This just points out the risk we have because we have so much common infrastructure."

The Energy Department's Computer Incident Advisory Capability Web site reported that "this virus is spreading widely within and without of the DOE complex." The site also explains how to combat the virus.

The virus is spread as a Microsoft Word document attached to an e-mail message, with "Important Message From" in the subject line. Only users of Microsoft's Outlook and Outlook Express e-mail programs have been infected so far, experts said.

The virus reproduces itself, growing exponentially. When it is opened, it sends a message with a copy of itself attached to the first 50 e-mail addresses in the affected user's e-mail address book.

Computer viruses have existed for years and are regularly tracked by a group of software experts at the Computer Emergency Response Team at Carnegie Mellon University. But the Melissa virus, which first appeared late last week, has unleashed the first virus warning from the FBI's National Infrastructure Protection Center.

The FBI's Vatis said the agency would launch an investigation into how the virus was created and propagated. "The transmission of a virus can be a criminal matter, and the FBI is investigating," he said.

A Department of Justice spokesman said that Section 1030 of Title 18 of the Computer Security Act of 1987 makes it illegal to "knowingly cause transmission of a program, information, code, or command, and as result of such conduct, intentionally cause damage without authorization to a protected computer."

If there was a loss of more than $5,000, such a crime is a felony punishable by up to ten years in jail and $250,000 fine.

"E-mail users have the ability to significantly change the outcome of this incident," said Vatis. "I urge e-mail users to exercise caution when reading their e-mail for the next few days and to bring unusual messages to the attention of their system administrator."

Computer security experts said that the bug had its origin when certain users viewed messages posted on the Usenet newsgroup.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec