The virus shut down the State Department's Consular Lookout and Support System (CLASS) on Tuesday, according to published reports from Reuters and the Associated Press. A State Department representative CNET News.com reached Wednesday would not confirm that the system had crashed but indicated that IT personnel were working on a problem.
Late Wednesday, the State Department provided more details of the incident. According to spokeswoman Joanne Moore, at 4:30 a.m. Tuesday morning, the department's IT workers discovered the Welchia worm virus on an "unclassified open network" area of the CLASS system and began taking measures to contain the attack.
At that time, the State Department sent a message to employees around the world warning them that CLASS was being temporarily shut down in order to prevent Welchia from spreading. However, Moore indicated that the virus never truly infiltrated CLASS.
"At no time did the virus infect or corrupt the (CLASS) system," Moore said. "Due to the fast-spreading virus activity, the department was forced to quarantine all international communications."
Welchia and the related MSBlast virus target openings in Microsoft's Windows operating system and have been linked to a number of government computer failures. A new report from the Computer and Communications Industry Association asserts that reliance on a single technology such as Windows for an overwhelming majority of computer systems threatens the security of the U.S. economy and critical infrastructures.
CLASS has been identified as one of the tools the U.S. government is leaning on to help stem the flow of terrorists and other criminals entering the United States. According to the State Department, CLASS has been improved over the past two years and now can access more detailed information banks to scrutinise eligibility of potential visa applicants.
In a letter sent to Congress earlier this year, President Bush said CLASS contains about 13 million name records, which increases the State Department's ability to recognise individuals who might be a threat to national safety.
"CLASS now has over 78,000 records of suspected terrorists, up 40 percent in the past year," Bush wrote in his letter. "This will allow federal, state and local entities to share information nationwide that will ultimately contribute to securing our borders and protecting our nation."
One security expert said a CLASS shutdown could be a short-term black eye for the State Department, but he pointed out that MSBlast similarly caught many corporations that have huge IT security budgets off-guard. Pete Lindstrom, an analyst with Malvern, Pa.-based Spire Security, said while it may be disturbing to see that the U.S. visa approval system is vulnerable, "everyone slips up."
"What this situation highlights is the need for companies and governments to move security from the perimeter level to a layered level, something we've been talking about within the industry for years," Lindstrom said.
He said the current antivirus strategy, typically implemented at the firewall, works acceptably against the known threat of e-mail viruses but can't prevent worms such as MSBlast from spreading. By installing security tools throughout different layers of IT rather than just at a system's perimeters, organisations could increase their protection levels, he said.
In regard to Microsoft and potential weaknesses in Windows, Lindstrom said it's too easy to blame a vendor for security breaches.
"The truth is that there is sufficient technology out there right now to protect organisations from almost any threat out there," he said. "It's mostly in how you use it."
