IRS takes blanket approach to Blaster worm

When the MSBlaster virus wormed its way through computers last week, the IRS took out an insurance policy to protect its systems.

'We moved to fix systems before we had a problem,' said Jim Kennedy, IRS program manager for enterprise systems management. The service uses IBM Tivoli management applications to distribute software electronically to systems enterprisewide.

The worm, which exploits a vulnerability in Microsoft Windows, infects unsuspecting computers with code that could have resulted last week in a denial-of-service attack against a Microsoft Web site. The virus reportedly spread through over 550,000 systems, according to Symantec Corp. of Cupertino, Calif., despite the availability of a patch from Microsoft Corp.

Instead of checking whether individual users were experiencing problems, Kennedy and his team used the Tivoli Software Distribution 4.1 product to blanket the tax agency's computers with the Microsoft RPC patch, followed by Symantec's clean-up tool. 'If a machine is infected with Blaster, the software cleans it up; if not, it does nothing,' he said.

The IRS started patching and cleaning last Wednesday night, Kennedy said. As of yesterday, 54,000 computers had been swabbed. Another 22,000, many of which might not have been connected to the network, are still in the queue for checking and cleaning.

'We'll let the electronic push run for another couple of days and then take a reading and see if we want to make any manual corrections,' he said.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.
