Navy fences in Welchia worm

Navy fences in Welchia worm

The Navy said this afternoon that it had contained the Welchia worm, which yesterday ripped through the Navy Marine Corps Intranet, crippling service to thousands of computer users.

The virus struck the network yesterday at 3:05 p.m., the Navy said in a statement. The attack affected only the unclassified portion of NMCI, and the service has begun scrubbing infected systems, Navy officials said.

After the problem was identified, the Naval Network Warfare Command, the Naval Network and Space Operations Command and NMCI contractor EDS Corp. began working with Symantec Corp. of Cupertino, Calif., to fix the problem. EDS began installing a signature file for Welchia within minutes of its availability.

But by the time the patch became available, many NMCI users' systems had already been infected. 'Since then, new virus definitions have been inserted at all server farms," the Navy said.

The service has a response plan for such systems threats, said Vice Adm. Richard Mayo, commander of naval network warfare. "As use of networks becomes more crucial to national defense, protection of networks and fighting network threats will be a continuing requirement for us all."

Lynda A. Lukschander, program manager for the Marine Corps' NMCI IT infrastructure team, said the worm did not breach Corps systems because the service has not completely cut over to the intranet.

"We are still operating under the Marine Corps Enterprise Network," Lukschander said.

A recorded message at the NMCI help desk informed users that connectivity issues affected 'e-mail, Web and shared drive access due to a virus.'

'All NMCI workstations will be updated via the NMCI software delivery team,' the help desk's recorded message said and advised users to 'please remain logged in to your system.'

The message noted that the patch will automatically install and reboot each user's PC. 'Work in progress at the moment may be lost,' the help desk points out, so 'users may want to increase the frequency of saving raw data.'

The Welchia worm exploits the same vulnerability as MSBlaster, but supposedly installs the Microsoft Corp. patch for that early worm [see story].

EDS has cut over 96,815 users to the network. Ultimately, NMCI is supposed to support voice, video and data communications for nearly 400,000 Navy and Marine Corps users.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected