Modernizing Authentication — What It Takes to Transform Secure Access
The U.S. State Department on Wednesday confirmed that its internal computer system, which is used to screen visa applicants, was temporarily crippled by the so-called 'friendly' Welchia worm.
A State Department spokesperson told internetnews.com the Welchia worm was detected in its Consular Lookout and Support System (CLASS), which ties into databases from law enforcement agencies to screen visa applications at embassies worldwide.
Once detected, the spokesperson said the Department quarantined communications between domestic and overseas offices and began disinfecting the network. "Welchia disrupts the speed of the network and slows normal communications to a crawl," she said, noting that the CLASS system was not damaged by the infection.
The State Department spokesperson said the infection was the result of "something introduced into the network" and dismissed suggestions that the Welchia worm may have sneaked into an unpatched system.
The W32.Welchia.Worm, which created major headaches for IT administrators last month, typically uses two separate security vulnerabilities to infect networks around the world. In addition to sneaking in via the DCOM RPC vulnerability in some versions of Microsoft's Windows operating systems, Welchia propagates through TCP port 80 on Microsoft IIS 5.0 systems that have not patched the Microsoft Windows WebDav (ntdll.dll) Buffer Overflow Vulnerability.
The State Department spokesperson could not say whether the infection happened at a domestic or overseas location.
"The majority of desktops are back up and running. As of 9:00 p.m last night, [the CLASS system] was operating and functioning normally," she said.
According to the Associated Press, the State Department's issued a warning to embassies and consular offices worldwide that that the CLASS system was down due to a virus found in the system. The outage lasted for a few hours and was described in the report as "not a major problem."
The report said the State Department had invested heavily in the CLASS system since the events of September 11, 2001. The system taps into a database that includes the names of at least 20,000 people accused of serious Customs violations and the names of 78,000 suspected terrorists.