Federal agencies return serve on Kournikova virus

GCN News Staff


FEB. 13—Most federal agencies hit a blazing return serve Monday when a virus masquerading as a photo of tennis star Anna Kournikova came bouncing into government systems.

Previous experiences with e-mail viruses such as the ILOVEYOU bug, which mucked up federal systems last May, probably helped agencies prepare for the latest worm, Commerce Chief Information Officer Roger Baker said. The virus, which caused little hardship, only affected a couple of offices within Commerce, he said.

The e-mail attack caused yawns at the Labor Department, officials said. Myra Galbreath, a division director at the Environmental Protection Agency's Office of Environmental Information, said that EPA firewalls stripped the Visual Basic file from e-mails before they reached intended recipients.

At the Education Department, where CIO Craig Luigart described the ILOVEYOU virus as a CIO's worst nightmare, Luigart said IT staffers wrote a script that took care of the virus immediately after the first e-mail hit Education servers about 10 a.m.

The virus, a Visual Basic executable file, arrives disguised as a digital photo of Anna Kournikova, according to officials at the Computer Emergency Response Team Coordination Center at Carnegie Mellon University in Pittsburgh. On Windows systems with the 'Hide file extensions for known file types' function turned on, users were tricked into thinking the attachment was simply a JPEG or graphic file, the Center said.

Once activated, the virus placed a copy of itself into the Windows directory, then attempted to send separate infected messages to each address in the Microsoft Outlook contacts folder. After sending the mail, the malicious code created a new registry key to prevent future mailings, the Center said.

Most federal systems were protected because IT staff had previously configured firewalls to strip Visual Basic files from incoming e-mails, officials said.
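The filename disguise and the gateway stripping described above can be sketched as a mail filter. This is an added example, not code from GCN, CERT/CC or any agency; the extension lists, function names and sample message are constructed assumptions.

```python
from email.message import EmailMessage

# Assumed policy: script types a gateway refuses, and the harmless-looking
# extensions that serve as the visible decoy.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"}
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".bmp", ".txt", ".doc", ".pdf"}


def classify(filename):
    """Return (blocked, disguised, name_shown_when_extensions_hidden)."""
    name = filename.strip().rstrip(". ")  # Windows drops trailing dots/spaces
    stem, dot, ext = name.rpartition(".")
    if not dot:
        return False, False, name
    blocked = "." + ext.lower() in SCRIPT_EXTS
    inner = stem.rpartition(".")
    disguised = blocked and bool(inner[1]) and "." + inner[2].lower() in DECOY_EXTS
    return blocked, disguised, stem


def strip_scripts(msg):
    """Remove blocked attachments in place; return a report of what was removed."""
    removed = []
    for part in msg.walk():
        if not part.is_multipart():
            continue
        kept = []
        for child in part.get_payload():
            blocked, disguised, shown = classify(child.get_filename() or "")
            if blocked:
                removed.append((child.get_filename(), shown, disguised))
            else:
                kept.append(child)
        part.set_payload(kept)
    return removed


def sample_message():
    """Constructed test message: one genuine image name, one disguised script."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("constructed sample body")
    msg.add_attachment(b"\xff\xd8\xff", maintype="image", subtype="jpeg",
                       filename="team-photo.jpg")
    msg.add_attachment("' constructed placeholder, not real code\n",
                       subtype="plain", filename="holiday.JPG.vbs")
    return msg
```

The decision is made on the last extension only, so the visible decoy never influences whether a part is stripped; the `disguised` flag exists purely so the report can show what a user with hidden extensions would have seen.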

The virus doesn't appear to be destructive, Baker said. But the CERT center warned that, while there doesn't appear to be a destructive payload on the Kournikova e-mail, history has shown the 'intruder community' can quickly modify code for more nefarious activity.

At the Defense Department, where the ILOVEYOU virus forced installations to shut down public servers (see www.gcn.com/vol1_no1/daily-updates/1901-1.html), the new e-mail strain had minimal effect on military systems, because early detection, built-in protections and alert notices prevented infection.

'We train before a virus like this happens,' Lt. Jane Alexander, a Navy spokeswoman, explained. In this case, the virus affected less than a handful of people.

At Quantico Marine Corps Base in Quantico, Va., where the LOVE bug bit techies hard, information technology teams blocked all Visual Basic files from reaching the base's systems. 'We only had two infections,' said Sgt. John Sayas. 'They caught the matter real quick and put restrictions in.'

The Air Force, like the other military branches, sent out an e-mail virus notice to all employees warning of the virus.
