Most agencies slammed Anna Kournikova virus over the net

Most agencies slammed Anna Kournikova virus over the net

BY TONY LEE ORR | GCN STAFF

Most federal agencies hit a blazing return of serve last week when a virus masquerading as a photo of tennis star Anna Kournikova attacked systems worldwide.

Previous experiences with similar e-mail-borne viruses, such as the ILOVEYOU bug that mired systems last May, probably helped agencies prepare for the latest worm, Commerce Department chief information officer Roger Baker said. The virus, which caused little hardship, affected only a couple of offices within Commerce, he said.

The e-mail attack inspired yawns at the Labor Department, officials said.


align="right" width="110">

size="2" color="#FF0000">Roger Baker

The Environmental Protection Agency's firewalls stripped the Visual Basic file from e-mail messages before they reached intended recipients, said Myra Galbreath, a division director in EPA's Office of Environmental Information.

At the Education Department, where CIO Craig Luigart previously had described the ILOVEYOU virus as a CIO's worst nightmare, information technology staff members wrote a script that took care of the latest bug immediately after the first infected e-mail hit Education servers about 10 a.m., he said.

Ira Hobbs, the Agriculture Department's acting CIO, said that although the virus had affected some USDA agencies, it was mainly an inconvenience. The department is upgrading its antivirus software and working on minimizing such occurrences.

No entry

The Justice Department received no reports of infection, a department spokeswoman said, adding that Justice has a variety of virus scanning techniques in place to prevent infections.

A Customs Service spokesman said the virus posed no major problems, and the help desk handled all queries from those who received the e-mail.

The virus, a Visual Basic executable file, arrives as an e-mail attachment that would seem to be a digital photo of Kournikova, said officials at the CERT Coordination Center at Carnegie Mellon University. On systems running Microsoft Windows programs that have the 'Hide file extensions for known file types' function turned on, users are tricked into thinking the attachment is simply a JPEG or graphic file, center officials said.

Once activated, the virus places a copy of itself into the Windows directory, then attempts to send separate infected messages to each address in the Microsoft Outlook contacts folder. After sending the messages, the malicious code creates a new registry key to prevent future mailings, the center said.

Most federal systems were protected because IT staff had previously configured firewalls to filter out messages containing Visual Basic files.

The virus doesn't appear to be destructive, Baker said. But the center warned that the hacker community often quickly modifies code for more nefarious activity.

At the Defense Department, where the ILOVEYOU virus forced installations to shut down public servers, the new e-mail strain had minimal affect. Early detection, built-in protections and alert notices prevented infection.

'We train before a virus like this happens,' said Lt. Jane Alexander, a Navy spokeswoman. The latest bug affected less than a handful of the service's people, she said.

At Quantico Marine Corps Base, Va., where the ILOVEYOU virus bit techies hard, systems teams blocked all Visual Basic files from the base's systems.

'We only had two infections,' said Sgt. John Sayas, a Quantico spokesman. 'They caught the matter real quick and put restrictions in.'

GCN staff writers Dawn S. Onley and Preeti Vasishtha contributed to this report.

inside gcn

  • Congressman sees broader role for DHS in state and local cyber efforts

    Automating the ATO

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above