Office of U.S. Marshals infected by Neeris virus
The virus is believed to be Neeris, a new malware variant that has been customized to exploit the same vulnerability as the notorious Conficker worm, Nikki Credic, a spokewoman for the Marshals confirmed to SCMagazineUS.com on Friday. She added that there may have been multiple computers infected. Within the public relations office alone, one or two people noticed suspicious changes in their computers.
“Neeris and Conficker look for missing patches. If the PCs and servers are patched, the malware doesn't work,” John Pescatore, research director and vice president at Gartner, told SCMagazineUS.com in an email on Friday. “The patch for this has been out since October 2008.”
The United States Marshals Service (USMS), a federal law enforcement agency within the U.S. Department of Justice, is the nation's oldest federal law enforcement agency, having served the country since 1789. The virus in its computer network was discovered early Thursday morning. At that time, the IT staff disconnected the marshals' computers from the Justice Department's network to prevent further spread, Credic said. In addition, the marshals' internet connection was shut off all day Thursday, and only internal email was functional, Credic said.
Working with anti-virus vendor, Trend Micro, the IT staff updated its anti-virus software and pushed updates to all agency computers, Credic said.
“They had an out-of-date product as far as we know,” Michael Sweeny, global public relations director at anti-virus company Trend Micro, told SCMagazineUS.com on Friday.
By Friday morning, email and internet connections were back up and running at the USMS, Credic said. “It appears they have resolved the problem."
Credic added that no data was compromised or at risk as a result of the virus infection.
The FBI is said to be having similar problems, the agency told the Associated Press on Thursday. When contacted by SCMagazineUS.com on Friday morning, a spokesman at the FBI's press office said his email was down, but did not provide additional details.
“We too are evaluating a network issue on our external, unclassified network that's affecting several government agencies," FBI spokesman Mike Kortan told the AP.
Gartner's Pescatore said that this incident illustrates the importance of making sure computers are patched. Also, email and PC anti-virus programs should be kept up-to-date. And, a web security tier that blocks incoming malware from web connections is equally important, he said.
“It sounds like the problem here was both missing patches and missing AV – definitely below a due diligence level of protection,” Pescatore said.