[ISN] Record Computer Infections Slow U.S., Private Work

From: InfoSec News (isnat_private)
Date: Fri Aug 22 2003 - 01:39:01 PDT

  • Next message: InfoSec News: "[ISN] The Microsoft Security Bulletin They Won't Issue"

    By Charles Duhigg
    Washington Post Staff Writer
    Friday, August 22, 2003; Page E01 
    Federal agencies reported sluggish or stalled computer systems
    yesterday and record levels of e-mail interceptions as the spread of
    viruses that have tangled Internet traffic in the past 10 days slowed
    somewhat but remained at record levels.
    An official at the Department of Homeland Security noted that some
    agencies were unprepared for the digital infections, in spite of
    warnings issued by Microsoft Corp. and the department itself last
    Federal "agencies and commercial organizations have dropped the ball
    and they're suffering the consequences," said Sallie McDonald, a
    senior executive with the national cybersecurity division at the
    Department of Homeland Security.
    Computer viruses have spread at an unprecedented rate in the past 10
    days, moving faster and more aggressively than in any other period and
    infecting at least 1 million residential, business and government
    computers worldwide. Microsoft, whose dominant Windows operating
    system is the target of the malevolent codes, said yesterday that it
    discovered two new "critical" security flaws in its Internet Explorer
    Web browser. This generation of worms has done no irreversible damage,
    other than slowing communication, overstuffing e-mail inboxes and
    cutting into productivity, but computer experts worry that will not be
    the case next time.
    Internal computer systems at the Small Business Administration were
    down for two to three hours yesterday after agency computers were
    infected by the Welchia virus, said Stephen Galvan, the agency's chief
    information officer. Officials there decided to shut down the system
    to immediately install patches to stop the virus. Exterior systems,
    such as the SBA's Web site, do not use the Microsoft Windows operating
    system and were unaffected by the worm.
    Virus-defense systems at the Department of Commerce have been
    intercepting record numbers of infected e-mails, according to Tom
    Pyke, chief information officer for the agency. Pyke said that 40,000
    messages infected with the Sobig.F worm had been intercepted before
    infecting Commerce computers yesterday and that the agency continues
    to quarantine 500 to 750 e-mails per hour.
    A spokesman for the Federal Communications Commission reported
    individual computer outages related to the worm and some slowing of
    system-wide operations during the day.
    Meanwhile, computer security companies report a slight decrease in the
    spread of the Blaster, Welchia and Sobig.F worms. MessageLabs, an
    e-mail security company serving corporations, reported finding Sobig.F
    in one in every 28 e-mails intercepted by the company yesterday, down
    from a high of one in every 17 on Tuesday. The decrease is consistent
    with previous worm patterns, where overall occurrence drops by 50
    percent every 24 hours, said Brian Czarny, director of marketing for
    "Even with a 50 percent drop-off, we're still seeing phenomenal
    numbers," Czarny said. "This virus is going to be out there for a
    Representatives of computer security company Symantec reported that
    the worms appear to be tapering off slightly, but not significantly
    Homeland Security's McDonald said the week's events come as a wake-up
    call for government agencies.
    "These viruses could have been destroying files," she said. "An
    announcement went out from Microsoft and Homeland Security in July
    about this vulnerability, and here we are seven weeks later and people
    are still being hit with it. Those patches could have been installed
    last month before these attacks began."
    Organizations with sensitive data frequently back up their records to
    avoid potential losses, McDonald said, but but those who don't are at
    risk of permanently losing records. Many experienced decreases in
    productivity today when systems were slowed by attacks or brought off
    line around midday so that patches could be installed.
    "Legislation is already in effect placing security regulations on the
    health industry and financial industries," McDonald said. "If
    industries and agencies don't start regulating themselves, Congress
    may put in legislative requirements."
    Security experts noted that these worms should also serve as warnings
    to the public.
    "How many corporations have your name and credit card information?"  
    Fred B. Schneider, director of the Information Assurance Institute at
    Cornell University, said in an interview earlier this week. "There is
    sensitive data in cyberspace. What we're seeing right now could just
    as easily be taking that information and sending it to criminals."
    Brian Krebs of washingtonpost.com contributed to this report.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Fri Aug 22 2003 - 05:13:09 PDT