Most agencies dodge Melissa

Federal agencies rallied their computer security forces last week to keep the
Melissa virus in check. But the pesky mail-traveling infection nevertheless caused trouble
for some agencies, including Defense Department organizations participating in the NATO
air strikes in Yugoslavia.

One DOD base was “pretty well wiped out,” in a technological sense, March 26,
said Col. John Thomas, chief of the Defense Information Systems Agency’s Global
Operations and Security Office.

Because of the department’s highly networked environment, the virus spread quickly
to Europe, threatening DOD computers during the NATO bombing campaign, he said. But DOD
managed to get the situation in hand quickly without jeopardizing any warfighters,
deleting some 23,000 infected e-mail documents between Friday, March 26, and Monday, March
29, Thomas said.

“It didn’t blow up in the Defense Department the way it did in some places
because we got on it pretty quickly,” he said.

Agencies throughout government activated computer emergency response teams and
initiated plans to stem the ability of the virus to penetrate government systems. Although
federal officials generally declined to discuss damage the virus caused, they offered
information about efforts to inoculate systems against attack.

The Federal Computer Incident Response Capability, which acts as a security alert
organization on threats to government computers, said calls and e-mail about the virus
began pouring in from users at around 2 p.m. on Friday, March 26.

DOD officials said they first learned about Melissa around 4:50 p.m. that day.

Calls flooded the offices of Lt. Gen. William Campbell, the Army’s director of
information systems for command, control, communications and computers.

“We were hit as hard as anyone else, and what we more or less immediately tried to
do was to block all e-mail of the approximate size or larger of the infected file being
transmitted,” said Col. John C. Deal, Campbell’s executive officer.

What impressed Deal most, he said, was how rapidly the virus spread and how quickly
organizations everywhere responded.

DISA on Friday sent out a flash pop-up message about the virus, which prevented
large-scale problems, Thomas said last week at the Government Information Technology
Executive Council’s Information Processing Interagency Conference in Denver. Such
flash messages are fairly unusual, he said.

The message, which went to all DOD personnel and which the department uses only for
top-priority alerts, was the first about a computer problem, Thomas said.

The virus hit hard Friday night, Thomas said, but the flash message guaranteed that
Defense gave the threat the necessary attention. DOD was particularly vulnerable because
many of its users rely on Microsoft Corp. products, he said.

Marine Corps Systems Command in Quantico, Va., verified that the virus appeared in the
e-mail of two of the base’s 1,000 users. Quantico’s systems staff went through
individual mailboxes to cleanse and protect them from the virus, said Maj. Christopher
Biggs, the command’s assistant program manager for common computer resources.

Melissa knocked out the e-mail system at the interagency Critical Infrastructure
Assurance Office, Sarah Jane League, DOD’s liaison to CIAO, said at the Denver

The virus also affected operations at other government agencies.

The Energy Department’s Computer Incident Advisory Capability notified all
department facilities of the virus on Monday, March 29, distributing an advisory to all
site computer security personnel, said John Gilligan, Energy’s chief information

At headquarters, the IT staff took precautions to filter out e-mail sent to addresses
with its e-mail domain, Then, the department worked on Energy networks with
other domain addresses, Gilligan said.

Melissa did not have much of an impact on the Commerce Department’s e-mail
systems, Commerce CIO Roger Baker said. The Patent and Trademark Office responded quickly
to the outbreak because it uses many Microsoft products, he said.

PTO identified many instances of the virus but, because it began preventive measures on
Friday, managed to contain the spread, said Ron Hack, PTO’s administrator for
telecommunications and computer operations.

The agency used ScanMail 2.06 from Trend Micro Inc. of Cupertino, Calif., to scan every

The program tells the sender and the receiver what viruses it found and deleted, Hack

PTO updated the virus scan three times from Friday to Monday. Network engineer Keith
Curran, the agency’s antivirus guru who was in Pittsburgh that weekend, remotely
updated the virus scan after meeting with the Carnegie Mellon University Computer
Emergency Response Team, Hack said.

The agency uses more than six virus scan packages, including those from Symantec Corp.
of Cupertino, Calif., and McAfee Associates Inc. of Santa Clara, Calif.

Three Agriculture Department bureaus reported attacks, but employees were aware of the
virus and did not spread it, Agriculture CIO Anne F. Thomson Reed said.

“We’ve been tracking it,” she said. “It’s been minimal. It was
immediately stopped.”

The Environmental Protection Agency may have been somewhat insulated from the virus
because most of its PCs run Corel WordPerfect for word processing instead of Microsoft
Word, as well as Lotus Notes and Novell GroupWise, EPA CIO Al Pesachowitz said.

“I didn’t hear yesterday that we had anybody who came across that
virus,” Pesachowitz said. “Frankly, I find it hard to believe that we

The agency appears to have dodged the bullet, but to further protect itself, EPA will
centralize its LANs to improve efficiency and security, Pesachowitz said.

The FBI’s National Infrastructure Protection Center continues to investigate the
nationwide virus. Bureau officials would not comment on Melissa’s origin during a
press conference on March 29.

“I urge e-mail users to exercise caution when reading their e-mail for the next
few days and to bring unusual messages to the attention of their system
administrators,” NIPC director Michael A. Vatis said. “The transmission of a
virus can be a criminal matter, and the FBI is investigating.”

He said the virus has significant potential to cause widespread harm. “It is
difficult to put a price tag on this,” Vatis said. “It’s like quantifying
the loss of working hours.” 

GCN staff writers Christopher J. Dorobek, William Jackson, Bill Murray and Florence
Olsen contributed to this story.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.