Virus hits two classified systems, stalls e-mail access at Defense

The ILOVEYOU virus rapidly wormed its way into two Defense Department classified systems via e-mail attachments.

The Joint Task Force on Computer Network Defense received a report late on May 4 that the bug had contaminated a classified internal e-mail system, said Kenneth Bacon, the assistant secretary of Defense for public affairs.

The following day, task force officials at Peterson Air Force Base, Colo., reported that another classified system was infected.

'The virus was quickly detected and contained,' Bacon said. The bug contaminated less than 1 percent of the network, and task force officials reported no impact on military operations, he said.

The overall impact of the virus was minimal, a DOD spokesman said. 'Some installations had to shut down their public servers,' task force spokesman Scott Johnson said. 'It was a minor inconvenience more than anything else.'

Marine Corps officials took their Microsoft Exchange servers off-line for about 24 hours, said Capt. Carl M. Wright, chief information security officer at the Network Operations Center at Marine Corps Base Quantico, Va.

The Corps' experience with the Melissa virus in March last year, which killed access to DOD's Non-Classified IP Router Network e-mail for five days [GCN, Aug. 23, 1999, Page 52], prepared the Corps for the Love Bug, Wright said. 'The impact was substantially less' than with Melissa.

Corps officials first heard about the virus' rapid European proliferation at 7 a.m. EST, he said. 'We tried to get a copy of it to see what it did,' an effort that other DOD organizations also undertook, he said. Wright received a copy by early afternoon.

In the afternoon, Corps officials decided to shut off NIPRnet access until they could obtain an updated signature file from an antivirus software vendor to eradicate the bug.

'From a cost-benefit analysis, we decided the cost of a cleanup would be greater than what we lost' by denying NIPRnet access, he said. Within 24 hours, most of the Exchange servers were back online with NIPRnet access, he said.

'We got a lot of calls,' said Maj. Michael McNett, director of the Army Network and Systems Operations Center at Fort Huachuca, Ariz. 'Some sites brought down their Microsoft Exchange servers to proactively deal with it. We got a few reports of that from various sites.'

Despite the struggles, 'overall, it went pretty well,' he said.

-Bill Murray
