http://www.washingtonpost.com/wp-dyn/articles/A28770-2003Aug21.html By Charles Duhigg Washington Post Staff Writer Friday, August 22, 2003; Page E01 Federal agencies reported sluggish or stalled computer systems yesterday and record levels of e-mail interceptions as the spread of viruses that have tangled Internet traffic in the past 10 days slowed somewhat but remained at record levels. An official at the Department of Homeland Security noted that some agencies were unprepared for the digital infections, in spite of warnings issued by Microsoft Corp. and the department itself last month. Federal "agencies and commercial organizations have dropped the ball and they're suffering the consequences," said Sallie McDonald, a senior executive with the national cybersecurity division at the Department of Homeland Security. Computer viruses have spread at an unprecedented rate in the past 10 days, moving faster and more aggressively than in any other period and infecting at least 1 million residential, business and government computers worldwide. Microsoft, whose dominant Windows operating system is the target of the malevolent codes, said yesterday that it discovered two new "critical" security flaws in its Internet Explorer Web browser. This generation of worms has done no irreversible damage, other than slowing communication, overstuffing e-mail inboxes and cutting into productivity, but computer experts worry that will not be the case next time. Internal computer systems at the Small Business Administration were down for two to three hours yesterday after agency computers were infected by the Welchia virus, said Stephen Galvan, the agency's chief information officer. Officials there decided to shut down the system to immediately install patches to stop the virus. Exterior systems, such as the SBA's Web site, do not use the Microsoft Windows operating system and were unaffected by the worm. Virus-defense systems at the Department of Commerce have been intercepting record numbers of infected e-mails, according to Tom Pyke, chief information officer for the agency. Pyke said that 40,000 messages infected with the Sobig.F worm had been intercepted before infecting Commerce computers yesterday and that the agency continues to quarantine 500 to 750 e-mails per hour. A spokesman for the Federal Communications Commission reported individual computer outages related to the worm and some slowing of system-wide operations during the day. Meanwhile, computer security companies report a slight decrease in the spread of the Blaster, Welchia and Sobig.F worms. MessageLabs, an e-mail security company serving corporations, reported finding Sobig.F in one in every 28 e-mails intercepted by the company yesterday, down from a high of one in every 17 on Tuesday. The decrease is consistent with previous worm patterns, where overall occurrence drops by 50 percent every 24 hours, said Brian Czarny, director of marketing for MessageLabs. "Even with a 50 percent drop-off, we're still seeing phenomenal numbers," Czarny said. "This virus is going to be out there for a while." Representatives of computer security company Symantec reported that the worms appear to be tapering off slightly, but not significantly decreasing. Homeland Security's McDonald said the week's events come as a wake-up call for government agencies. "These viruses could have been destroying files," she said. "An announcement went out from Microsoft and Homeland Security in July about this vulnerability, and here we are seven weeks later and people are still being hit with it. Those patches could have been installed last month before these attacks began." Organizations with sensitive data frequently back up their records to avoid potential losses, McDonald said, but but those who don't are at risk of permanently losing records. Many experienced decreases in productivity today when systems were slowed by attacks or brought off line around midday so that patches could be installed. "Legislation is already in effect placing security regulations on the health industry and financial industries," McDonald said. "If industries and agencies don't start regulating themselves, Congress may put in legislative requirements." Security experts noted that these worms should also serve as warnings to the public. "How many corporations have your name and credit card information?" Fred B. Schneider, director of the Information Assurance Institute at Cornell University, said in an interview earlier this week. "There is sensitive data in cyberspace. What we're seeing right now could just as easily be taking that information and sending it to criminals." Brian Krebs of washingtonpost.com contributed to this report. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Aug 22 2003 - 05:13:09 PDT