U.S. immigration system hit by virus

Free Newsletters

Log-in | Register

U.S. immigration system hit by virus Network links suspended between Washington, foreign embassies, and consular offices for nine hours
By Paul Roberts, IDG News Service September 24, 2003			E-mail Printer Friendly Reprints Slashdot It!

The U.S. Department of State struggled Tuesday to quell an outbreak of the W32.Welchia Internet worm on the department's computer systems.

Free IT resource

Open Source Business Conference (OSBC) May 22-23, 2007

Sponsored by Dell

The worm infestation slowed e-mail systems at the massive federal agency and prompted technical staff to suspend network links between Washington, D.C., foreign embassies and consular offices for nine hours to halt the worm's spread.

That move disrupted the Consular Lookout and Support System (CLASS), which is used to check the names of visa applicants against a database containing the names of millions of people who are ineligible to receive a U.S. visa, according to a spokeswoman.

Contrary to some published reports, the Welchia worm did not infect machines used by CLASS, she said.

"We want to emphasize that the name check system was not attacked," she said.

The worm outbreak affected only Windows systems on the State Department's unclassified network in its Washington D.C. facility, according to Mary Swann, a spokeswoman for the Information Resource Management (IRM) bureau, which manages the State Department's IT.

That network hosts the agency's unclassified e-mail system as well as other unclassified network resources, she said.

However, with network connections to the CLASS database in Washington, D.C. severed starting at around 4:00 PM GMT, the system could not function, the State Department spokeswoman said.

Department technical staff restored the network connections at around 9:00 PM local time, 1:00 AM GMT on Wednesday, she said.

Staff at the department's Information Resource Management Bureau were incrementally bringing State Department machines back online in the Washington D.C. facility Wednesday to prevent reinfection, Swann said.

Swann defended the State Department's IT security system, saying that the agency had a "very elaborate system" of firewall, IDS (Intrusion Detection System) and antivirus technology that were all up to date at the time of the outbreak.

IRM could not provide statistics on how many Windows systems were infected or how the worm was introduced to the Department of State's network, Swann said.

Swann could also not comment on why State Department systems were vulnerable to the Welchia worm.

Infections on the agency's internal network suggest that Windows systems had not been patched with either one of two critical Microsoft software updates that plugged the security holes exploited by Blaster and Welchia, but Swann could not confirm the existence of unpatched systems on the network.

The interruption slowed processing of U.S. visas worldwide. Consular staff cannot print official visas without first running the applicant's name through the CLASS system.

However, applicants who had already been checked against the CLASS system could still be issued U.S. visas late Tuesday, the spokeswoman said.

Other visa functions such as processing applications and interviewing applicants do not rely on CLASS and were unaffected by the worm outbreak, she said.

First identified on Aug. 18, Welchia spreads by exploiting the same Windows security hole as the W32.Blaster worm.

The worm does not rely on e-mail messages to spread. The worm exploits machines by sending an improperly formatted RPC (remote procedure call) message to vulnerable systems, causing a buffer overflow on the machines that enables the worm code to spread.

After infecting vulnerable Windows 2000 or Window XP machines, the new worm searches for and removes the Blaster worm file, Msblast.exe, and attempts to download and install a Windows software patch from Microsoft that closes the security hole used by the worm, according to antivirus companies.

Although the number of new Welchia infections is down since August, copies of the worm are still circulating on the Internet. On Wednesday, antivirus company Symantec Corp. still had Welchia rated a Category 4 threat on a scale of one to five, indicating a "severe" threat that is "difficult to contain."

On Wednesday, the U.S. embassy in the U.K. and other countries reported no problems with the CLASS system and no delays in issuing visas.

The State Department's internal investigatory arm, the Bureau of Diplomatic Security, was investigating the Welchia outbreak and would issue an extensive report, Swann said.

E-mail

Printer Friendly

Reprints

Slashdot It!

TOP NEWS:

» Despite financial losses, Microsoft looks to increase investment in online services
Steve Ballmer says that the $488 million loss for the fourth quarter that the online services division reported is insignificant compared to the its potential

» Think small with Linutop 2 PC
The tiny, energy-efficient Linux-based Linutop 2 is a low-cost, minimalist PC that is eerily quiet to use

» Sun technologist: SOAP stack a 'failure'
Tim Bray, co-inventor of XML, prefers REST mechanism over SOAP

» Software piracy hurts the open-source community too
Many nations are beginning to see stolen proprietary software as a lost opportunity for open source software, whose development can encourage innovation and job growth

» Intel readies slew of embedded chips based on Atom core
Intel is trying to increase performance and drop power consumption in more than 15 system-on-chips that use the Atom core

» Microsoft surprise reorganization aimed at online woes
Microsoft's online troubles hint at larger vulnerability; the company is facing challenges in areas that have been a lock for many years

Beyond AntiVirus: Symantec Endpoint Protection
Today's threats to the endpoint are much more dangerous as they rapidly evolve to evade traditional security measures. To combat these threats, companies should supplement existing security with proactive behavioral based technologies. Join this webcast to learn about Symantec's next generation AntiVirus solution that provides that level of protection. Sponsor: Symantec

» Click here to view this Webcast

Zombie PCs Are Attacking Your LAN
A recent study showed that malware-infected zombie PCs are now a bigger threat to ISPs and Web infrastructure than DoS attacks. As this brand new IT Strategy Guide explains, an increased use of peer-to-peer techniques by the attackers has made it harder to fight back. Download now, compliments of Verio:

» Click here to download now

- Special Advertising Partners -

WHITE PAPERS

Refine your company's plan for a Business Disruption Event - Many firms fail to consider how lines of communication will stay open in the event of a BDE. Make sure your company's mobile...
Telepresence For The Enterprise - Companies today are facing an array of business challenges, including the growing number of remote and virtual employees;...
Are you being asked to do more with less? - Is providing remote access for some users simply too expensive? Download this research report to learn how companies can...
They Can't Steal What You Don't Have - Citrix Online recently conducted a comprehensive survey on remote access and security to find out how organizations are ...
A Closer Look at SaaS Purchasing Behaviors and Attitudes - Citrix Online recently conducted a survey on the subject of SaaS purchasing behaviors and attitudes by gathering feedback...
Configuration Assessment: Choosing the Right Solution - Configuration assessment lets businesses proactively secure their IT infrastructure and achieve compliance with important...

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

•

Application development

•

•

•

•

•

•

•

•

Find out when the latest white paper is available:

INFOWORLD MARKETPLACE

Deliver REMOTE SUPPORT Easily. Try WebEx FREE! - DOWNLOAD WEBEX SUPPORT CENTER FREE! Deliver efficient, effective support. CRUSH SUPPORT LOG JAMS!
Migrating to an IP-VPN? XO Can Make It Happen - Learn the five critical success factors with a free whitepaper from XO Enterprise Solutions.
Sign up to TRY WEBEX SUPPORT CENTER FOR FREE! - Get your FULL FEATURED trial here. Share documents and applications, address support challenges.
IP Networks Boost Secure Health Communications - AT&T provides secure communication to keep health care moving forward.
Why a CMDB? - IT best practices (ITIL) have shown the benefits of a CMDB. Click for whitepapers.

» BUY A LINK NOW

FIND PRODUCTS AND COMPANIES

» COMPLETE PRODUCT GUIDE

TECHNOLOGY INDEX

• Applications
• Application Development
• Security
• Networking
• Wireless
• Platforms
• Hardware
• Data Management
• Storage
• Web Services
• Business
• Telecom
• Professional Services
• Standards

TECH WATCH

What's the 411 on GOOG-411?
Just as Google has become synonymous with "performing a Web search," 411 is understood to mean "information" -- as in "what's the 411?" I was thus surprised to discover, from a billboard, no less, that the king of search is taking on the ...

Apple HTML source reveals 'iPhone Extreme'
"This one's a stretch..." reports AppleInsider. Um, yeah. Reporting on HTML code sightings of product names could be called a stretch, but iPhone Extreme has a ring to it. Now, that sounds like the product Apple should have released first, rather ...

COLUMNISTS

Unified under law

(InfoWorld) - In the litigious world we live in, deploying a unified communications platform in your enterprise could...

» MORE COLUMNISTS

MORE INFOWORLD BLOGS

Open Sources

Product Management
When I joined MySQL four years ago, there was quite a lot of debate about product management. We didn't actually have ...

Zero Day

Botnet herders tending smaller flocks
New research backs up the theory that botnet operators are keeping their networks smaller in a continued effort to keep ...

• Advice Line
• Database Underground
• The Deep End
• Enterprise Mac
• Geeks in Paradise
• Grid Meter
• The Gripe Line
• InfoWorld Daily
• Inside IT
• IT Troubleshooter
• ITXtreme
• Open Sources
• ProdBlog
• Real World SOA
• Reality Check
• Security Adviser
• SMB IT
• The Storage Network
• Tech Watch
• Virtualization Report
• Zero Day

RESOURCE CENTER	advertisement
Ads by techwords beta See your link here

GOVERNMENT IT & POLICY
•	'If you don't go after the network, you're never going to stop these guys. Never.'
•	From the State Department, All the News for Inquiring Minds
•	TechPresident, the Internet Citizenry's New Consensus Taker

Sponsored Technology Links
SGI - SGI Adaptive Data Warehouse: Building a High-End Oracle Data Warehouse Microsoft - Learn about the software-based VoIP solution from Microsoft. Vizioncore - Complete Solutions for Virtual Server Management Microsoft - Meet Windows Server 2008. The server unleashed. HP - Whitepaper: How IT Quality Managers Respond to SOA Change Xerox - Experience the colorful side of business at www.frugalcolor.com IBM - Webcast: Take control of your content- leverage MOSS HP - Whitepaper: Software Quality Management for SOA AT&T - Thinking about IMS AT&T - Factors to consider when comparing DSL or Cable AT&T - Going mobile with today's technology AT&T - What to expect from a Technology Assessment. Polycom - Telepresence For The Enterprise GoToMyPC - Research Brief: Providing Secure and Cost-Effective Remote Access AppAssure - Keeping the E-Mail Flowing Tripwire - Secure your virtual and physical environments with the same software. CA - Efficient - Flexible - Compliant PGP - Is Your Data Safe? Novell, IBM, and Intel - Solution for Open Virtualization Provides Server Consolidation Curl - IT Guide: Rich Internet Application (RIA) Security Symantec - Whitepaper: Secure, recover, and archive critical information Microsoft - {Open Source} Heroes Happen Here Symantec - Whitepaper: Protecting Microsoft(R) Applications Riverbed - Five Ugly Truths about WAFS and Caching InterSystems - Use Ensemble - quickly create composite applications. Cirba - Advanced Workload Analysis Techniques		Rackspace - Go Green Without Sacrificing Server Performance CA - Manage your IT more effectively. AT&T - Measuring mobile productivity CA - Plan IT better, Manage IT better. AT&T - Refine your company's plan for a Business Disruption Event Cirba - Consolidating Workloads onto Mainframes AT&T - Class of Service: Myths and Misconceptions AT&T - Enhancing security through Quantum Cryptography Riverbed - Wide Area Data Services Microsoft - Microsoft Forefront makes defending your systems easier. Learn how. HP - Explore the interactive whitepaper: Rightsizing Blades for the mid-market. Symantec - Webcast: Beyond AntiVirus AMD - Renowned Engineering Institution Chooses AMD Processor-Based Servers AMD - Watch this flash demo of the Quad-Core AMD Opteron Processor EMC - EMC and VMware help you build your virtualized infrastructure. AMD - HP and Oracle deploy unbreakable computing infrastructure Qwest - Learn how Qwest voice and data solutions can save you time. MKS - The Power of UNIX/Linux on Windows with MKS Toolkit Vision Solutions - Is your smaller organization ready for High Availability? Vision Solutions - Is system maintenance doing more harm than good? HP - NEW HP LaserJet P4014n printer Starting at $699 after $100 IS. HP - HP LaserJet M3035 MFP series Starting at $1,599. SHOP NOW HP - Speed, agility, flexibility - The HP BladeSystem c-Class. Nokia - Restore Your Mobile Devices With One Click Oracle - The Power of Two with SOA and BPM

	HOME NEWS BLOGS PODCASTS VIDEOS TECHNOLOGIES TEST CENTER EVENTS CAREERS	About \| Advertise \| Awards \| RSS \| Contact Us
Copyright © 2008, Reprints, Permissions, Licensing, IDG Network, Privacy Policy, Terms of Service. All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses, phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services. CIO :: ComputerWorld :: CSO :: Demo :: GamePro :: Games.net :: IDG Connect :: IDG World Expo Industry Standard :: IT World :: JavaWorld :: LinuxWorld :: MacUser :: Macworld :: Network World :: PC World :: Playlist