Malware knocks out U.S.
John Fontana
May 22, 2009 (Network World) Malware Wednesday crippled Windows-based computer systems at the
The agency's press office confirmed it was having network problems and that its e-mail system was down Thursday morning, but it was unclear if the outage extended across the entire network.
Per government regulations agencies are required to report security incidents to the US-Computer Emergency Readiness Team (US-CERT). A call to CERT was not returned by press time.
It was not clear if the malware was the cause of the network outage or if the agency took down systems to stem the spread of what was believed to be the Neeris worm, which saw a new version appear last month that copies Conficker's evil ways.The agency was running desktop malware software, but it had not been updated for more than three years -- even though the agency had paid for upgrades to newer versions that protect against Neeris. In addition, Microsoft has issued two patches, one in 2006 and one in October, to close holes in its software exploited by Neeris.
The agency's Web site was up and running Thursday morning, but a receptionist in the press office said "the agency's whole e-mail system is down, and the agency is unable to receive e-mail."
Later, another press office staffer confirmed that there were network problems.
Members of the agency's IT staff were communicating with vendors via Gmail accounts as they attempted to work through the issue.
The
There was no word if the problems had spread to the Department of Justice (DOJ) or to other agencies under the DOJ.
The
There were reports that the agency was hit with the Neeris worm, which infects desktops and can enable a remote user to execute malicious commands on the affected system.
Neeris and its variants are capable of propagating using multiple avenues including network shares and removable drives, via software vulnerabilities in servers to propagate across networks, and via Microsoft's instant messaging clients.Trend Micro lists the risk rating for Neeris as "Low" but the damage potential as "High."
Michael Sweeny, global public relations director for Trend Micro, said the
He did not detail what those problems were and said he had not heard anything about Neeris being the culprit.
But Trend Micro's daily statistics on Neeris worm infections showed a spike from Wednesday evening that rose from nearly zero to 700 computers. Another smaller spike of about 100 computers was detected Thursday morning.
The
The statistics, posted online, are based on detections made by Housecall, Trend Micro's online scanner.
The
The agency, however, runs the 5.0 version, which is more than three years old. Trend Micro says protection against Neeris has been in OfficeScan since version 8. The current version is 10.
"[Their version] is a vastly out-of-date, end-of-life product," said Sweeny.
In addition, Sweeny said the
Problems with security on government networks are not new.
An updated Government Accountability Office report issued this week said agencies have made progress in implementing information security requirements but that significant weaknesses persist. The report found 23 of 24 major federal agencies had weaknesses in their agency-wide information security programs. Those agencies included the DOJ.
While the Neeris worm has been around since 2005, a new version was discovered just last month that used the same vulnerability targeted by Conficker. The new version spreads via the Windows "autorun" command.
A patch to close the critically-rated vulnerability that Neeris and Conficker exploit was issued in October by Microsoft.Still, security researchers reported this week that Conficker was still infecting 50,000 PCs per day.
Earlier versions of Neeris exploited a vulnerability patched by Microsoft in August 2006.
posted by News Service at
3:29 AM
0 Comments:
Post a Comment
<< Home