|
Cyber Security
Watch US.BLAST.D
Worm Wreaks Havoc on US Post Office, Mail Delivery Halted
The
speed at which the virus spread was shocking, even to seasoned virus
researchers.
By the time Lawanna returned to the Steinbeck, Tennessee
distribution center at 10:00am, the virus was already interrupting a
few deliveries between Memphis and Chicago.
Eight minutes later, the entire United States Postal Service
suffered massive, cascading failures and ground deliveries came to an
unexpected halt as the virus choked the network with its own traffic.
Virtually every piece of paper mail in the entire country, from birthday cards to
magazines, from summons to subscription renewals, was infected with the worm in a matter of minutes -- and there
was nothing anyone in the government or the computer industry could do
to stop it. A crisis of this nature has never hit the United States--or any developed nation--before. Up until now, most security experts have accepted as common knowledge that computer viruses can only be spread through Microsoft Office documents, the Microsoft Worm Server, Microsoft Outlook email messages, or the Microsoft Internet Explorer web browser.
Analysis
of the virus is still in its preliminary stages, but reports have
begun to emerge from researchers which warn that the virus transmits
itself by exploiting a previously unknown security hole sewn into the
canvas mail bags carried by postal workers all over the country. Since
early July when the terms of the government's previous contract with
Canvas USA Co. expired, canvas bags have been provided to the
government exclusively through a textile subsidiary of Microsoft
Corporation.
According to statistics gathered in late August, more than
ninety percent of postal carriers in the United States are already
carrying the new Microsoft bags. This
dependency on a single vendor of canvas bags is what made the ground
mail delivery network especially vulnerable to just this sort of
attack, experts say. The
U.S. government has not yet released specific details
regarding how the virus is transmitted.
Some clue may be provided by a recent story in Wired,
which reports that a message was posted to a A
worm, also known as a "trojan" or a "macro", is a
computer program written to do harm.
According
to the message which described the theoretical attack, the virus would
then look for names and addresses on the backs of envelopes to which
it would mail copies of itself.
Once received and opened by recipient X, the infected letter
will mail itself to any names and addresses it finds written in a
journal, an address book or a daily planner.
It could even possibly cull addresses from post-it notes on a
refrigerator.
The worm will also mail copies of itself back to everyone who
has sent recipient X a piece of mail in the last five days.
If
this theoretical security hole could be exploited, wrote the anonymous
poster, "a sudden overload of the US Mail system could occur in
just minutes, almost too fast for anyone to realize what has
happened." No
one is certain if this is exactly the type of attack that occurred.
One solid detail that has emerged from virus researchers
working on restoring the US mail system is that in addition to
spreading through ground delivery routes and home address books, the
virus also uses a wedding invitation that has an RSVP card enclosed to
establish a connection to the IRC network, but the method and purpose
of this connection are still unknown. There are already numerous reports that the letter which has crippled ground mail delivery across the entire nation will be addressed to the victim who receives it, but it will have a return address purporting to be from "Credit Card Company" followed by a post office box number in Taiwan, and it will be stamped "Three Due Notice Late Payment" in red ink on the front. Everyone is therefore warned not to open any such letter if it is received. Dispose of it immediately either by burning or shredding. Until a patch can be created by Microsoft and deployed by the MCSEs who maintain the nation's critical infrastructure, President Bush has urged all Americans to lock in a safe or a drawer all of their pens, pencils, stamps, white paper and envelopes so that they cannot be exploited by the virus and used to write out more copies of itself.
Microsoft
CEO Steve Ballmer issued a statement in response to the catastrophe,
where he condemned the attacks as being the work of "thieves,
con artists, terrorists and hackers" who are intent on
destroying American freedoms and embarrassing Microsoft.
He also reiterated that Microsoft is focused first and foremost
on the security of its products, as it always has been since early
last year.
He said the scripting vulnerability discovered today in the
Microsoft canvas mail bag was due to a rich content feature the
company's customers had asked for.
He
also said the situation will improve in coming years, as big changes
are in store for the WormBasic programming language and its web
derivative, WormScript.
Once ported over to the Microsoft .NET trusted framework, rich
worms written using the new Worm# (worm-sharp) language will be much
more secure, he promised. Microsoft
is about to release a preliminary security patch which should protect
some of its mail bags from the exploit utilized by the US.BLAST.D
worm.
The company said it will release a patch for this patch in a
month or two, which should secure more bags and correct problems
caused by the initial patch. Users of alternative mail and package delivery systems such as FedEx and UPS are not affected by the virus, researchers said. "It's not that the non-Microsoft canvas bags used by FedEx and UPS are inherently more secure," explained Jorge Lopez, a Microsoft Certified Systems Engineer, "it's that the U.S. Postal Service represents a much, much larger target for hackers." RELATED STORIES ON DIVISIONTWO: |
The
first computer worm to be able to infect regular paper mail and
transmit itself through the U.S. Postal Service was discovered early
morning Monday, October 6, in a suburban Memphis distribution center.
