U.S. Marshals Run Outdated Antvirus, Get Infected

The FBI and U.S. Marshals were yesterday struck with a virus that left them with no choice but to shut down parts of their networks.

The malware is believed to be the Neeris worm. Several reports indicate that the problem was caused by the U.S. Marshals Service running backlevel antivirus software, Trend Micro’s OfficeScan v5.0, as well as not applying patches to its computers.

Neeris targets unpatched computers in the same way the Conficker worm does. “Neeris and Conficker look for missing patches. If the PCs and servers are patched, the malware doesn't work,” John Pescatore, research director and vice president at Gartner, told SCMagazineUS.com. However, Pescatore added that, “The patch for this has been out since October 2008.”

SCMagazine reports (citing USMS spokesperson, Nikki Credic) that when the virus was discovered, IT staff disconnected the marshals' computers from the Justice Department's network to prevent further spread. The marshals' internet connection was shut off all day Thursday, added Credic with only internal email operational.

The FBI were similarly affected. "We too are evaluating a network issue on our external, unclassified network that's affecting several government agencies," FBI spokesman Mike Kortan told the Associated Press. Kortan reportedly did not elaborate on the situation, nor did he identify the other agencies.

Read the full story from SCMagazine here.