The U.S. State Department on Wednesday confirmed that its internal
computer system, which is used to screen visa applicants, was temporarily
crippled by the so-called ‘friendly’ Welchia worm.
A State Department spokesperson told internetnews.com the Welchia
worm was detected in its Consular Lookout and Support System (CLASS), which
ties into databases from law enforcement agencies to screen visa
applications at embassies worldwide.
Once detected, the spokesperson said the Department quarantined
communications between domestic and overseas offices and began disinfecting
the network. “Welchia disrupts the speed of the network and slows normal
communications to a crawl,” she said, noting that the CLASS system was not
damaged by the infection.
The State Department spokesperson said the infection was the result of
“something introduced into the network” and dismissed suggestions that the
Welchia worm may have sneaked into an unpatched system.
The W32.Welchia.Worm, which created major headaches for IT
administrators last month, typically uses two separate security
vulnerabilities to infect networks around the world. In addition to sneaking
in via the DCOM RPC vulnerability in some versions of Microsoft’s Windows operating
systems, Welchia propagates through TCP port 80 on Microsoft IIS 5.0 systems
that have not patched the Microsoft Windows WebDav (ntdll.dll) Buffer
Overflow Vulnerability.
The State Department spokesperson could not say whether the infection
happened at a domestic or overseas location.
“The majority of desktops are back up and running. As of 9:00 p.m. last
night, [the CLASS system] was operating and functioning normally,” she said.
According to the Associated Press, the State Department issued a
warning to embassies and consular offices worldwide that the CLASS
system was down due to a virus found in the system. The outage lasted for a
few hours and was described in the report as “not a major problem.”
The report said the State Department had invested heavily in the CLASS
system since the events of September 11, 2001. The system taps into a
database that includes the names of at least 20,000 people accused of
serious Customs violations and the names of 78,000 suspected terrorists.