Navy fences in Welchia worm

Navy fences in Welchia worm

The Navy said this afternoon that it had contained the Welchia worm, which yesterday ripped through the Navy Marine Corps Intranet, crippling service to thousands of computer users.

The virus struck the network yesterday at 3:05 p.m., the Navy said in a statement. The attack affected only the unclassified portion of NMCI, and the service has begun scrubbing infected systems, Navy officials said.

After the problem was identified, the Naval Network Warfare Command, the Naval Network and Space Operations Command and NMCI contractor EDS Corp. began working with Symantec Corp. of Cupertino, Calif., to fix the problem. EDS began installing a signature file for Welchia within minutes of its availability.

But by the time the patch became available, many NMCI users' systems had already been infected. 'Since then, new virus definitions have been inserted at all server farms," the Navy said.

The service has a response plan for such systems threats, said Vice Adm. Richard Mayo, commander of naval network warfare. "As use of networks becomes more crucial to national defense, protection of networks and fighting network threats will be a continuing requirement for us all."

Lynda A. Lukschander, program manager for the Marine Corps' NMCI IT infrastructure team, said the worm did not breach Corps systems because the service has not completely cut over to the intranet.

"We are still operating under the Marine Corps Enterprise Network," Lukschander said.

A recorded message at the NMCI help desk informed users that connectivity issues affected 'e-mail, Web and shared drive access due to a virus.'

'All NMCI workstations will be updated via the NMCI software delivery team,' the help desk's recorded message said and advised users to 'please remain logged in to your system.'

The message noted that the patch will automatically install and reboot each user's PC. 'Work in progress at the moment may be lost,' the help desk points out, so 'users may want to increase the frequency of saving raw data.'

The Welchia worm exploits the same vulnerability as MSBlaster, but supposedly installs the Microsoft Corp. patch for that early worm [see story].

EDS has cut over 96,815 users to the network. Ultimately, NMCI is supposed to support voice, video and data communications for nearly 400,000 Navy and Marine Corps users.


  • Records management: Look beyond the NARA mandates

    Records management is about to get harder

    New collaboration technologies ramped up in the wake of the pandemic have introduced some new challenges.

  • puzzled employee (fizkes/

    Phish Scale: Weighing the threat from email scammers

    The National Institute of Standards and Technology’s Phish Scale quantifies characteristics of phishing emails that are likely to trick users.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.