IRS takes blanket approach to Blaster worm

IRS takes blanket approach to Blaster worm

When the MSBlaster virus wormed its way through computers last week, the IRS took out an insurance policy to protect its systems.

'We moved to fix systems before we had a problem,' said Jim Kennedy, IRS program manager for enterprise systems management. The service uses IBM Tivoli management applications to distribute software electronically to systems enterprisewide.

The worm, which exploits a vulnerability in Microsoft Windows, infects unsuspecting computers with code that could have resulted last week in a denial-of-service attack against a Microsoft Web site. The virus reportedly spread through over 550,000 systems, according to Symantec Corp. of Cupertino, Calif., despite the availability of a patch from Microsoft Corp.

Instead of checking whether individual users were experiencing problems, Kennedy and his team used the Tivoli Software Distribution 4.1 product to blanket the tax agency's computers with the Microsoft RPC patch and behind that Symantec's clean-up tool. 'If a machine is infected with Blaster, the software cleans it up; if not, it does nothing,' he said.

The IRS started patching and cleaning last Wednesday night, Kennedy said. As of yesterday, 54,000 computers had been swabbed. There are another 22,000, many of which might not have been connected to the network, still in the queue for checking and cleaning.

'We'll let the electronic push run for another couple of days and then take a reading and see if we want to make any manual corrections,' he said.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

inside gcn

  • When cybersecurity capabilities are paid for, but untapped

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group