Navy fences in Welchia worm

Navy fences in Welchia worm

The Navy said this afternoon that it had contained the Welchia worm, which yesterday ripped through the Navy Marine Corps Intranet, crippling service to thousands of computer users.

The virus struck the network yesterday at 3:05 p.m., the Navy said in a statement. The attack affected only the unclassified portion of NMCI, and the service has begun scrubbing infected systems, Navy officials said.

After the problem was identified, the Naval Network Warfare Command, the Naval Network and Space Operations Command and NMCI contractor EDS Corp. began working with Symantec Corp. of Cupertino, Calif., to fix the problem. EDS began installing a signature file for Welchia within minutes of its availability.

But by the time the patch became available, many NMCI users' systems had already been infected. 'Since then, new virus definitions have been inserted at all server farms," the Navy said.

The service has a response plan for such systems threats, said Vice Adm. Richard Mayo, commander of naval network warfare. "As use of networks becomes more crucial to national defense, protection of networks and fighting network threats will be a continuing requirement for us all."

Lynda A. Lukschander, program manager for the Marine Corps' NMCI IT infrastructure team, said the worm did not breach Corps systems because the service has not completely cut over to the intranet.

"We are still operating under the Marine Corps Enterprise Network," Lukschander said.

A recorded message at the NMCI help desk informed users that connectivity issues affected 'e-mail, Web and shared drive access due to a virus.'

'All NMCI workstations will be updated via the NMCI software delivery team,' the help desk's recorded message said and advised users to 'please remain logged in to your system.'

The message noted that the patch will automatically install and reboot each user's PC. 'Work in progress at the moment may be lost,' the help desk points out, so 'users may want to increase the frequency of saving raw data.'

The Welchia worm exploits the same vulnerability as MSBlaster, but supposedly installs the Microsoft Corp. patch for that early worm [see story].

EDS has cut over 96,815 users to the network. Ultimately, NMCI is supposed to support voice, video and data communications for nearly 400,000 Navy and Marine Corps users.

inside gcn

  • Congressman sees broader role for DHS in state and local cyber efforts

    Automating the ATO

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group