Sasser not a fed harasser

The Sasser worm, which crawled through unpatched computers running Microsoft Corp. Windows this week, was pretty much a nonevent for federal government offices. Or a success story, as the Homeland Security Department's Lawrence Hale said today.

Hale, deputy director of DHS' National Cyber Security Division, said although there were isolated incidents of computer infections, most federal agencies were well protected when unknown assailants released the Sasser worm on the Internet a week ago.

"We've seen isolated incidents but no mission impact," Hale said.

DHS officials issued an alert about the Sasser worm April 13, the same day that Microsoft officials released a critical security patch to protect computers from attack. Hale said the agency's alert was timed to coincide with Microsoft's.

Apparently, most agencies took advantage of the more than two weeks' lead time to apply the patch. Most patching had been completed before attackers released the Sasser worm to exploit a buffer overflow in a portion of the Windows operating system code known as the Windows Local Security Authority Subsystem Service.

The organization that defends Defense Department computer networks monitored the Sasser worm closely. "We've noticed it, followed it and it had minimal effects on DOD systems," said Tim Madden, spokesman for the Joint Task Force-Computer Network Operations (JTF-CNO).

Madden declined to comment on when JTF-CNO first noticed the Sasser worm, when officials started monitoring it and what kind of minimal effects the computer worm caused to military systems. JTF-CNO, based at the Defense Information Systems Agency, falls under control of Strategic Command, one of nine key military commands that manage missile, space and information operations from Offutt Air Force Base, Neb.

At the Department of Veterans Affairs, "much less than a half of one percent of the devices" that could have been affected by the worm were infected, said Bruce Brody, associate deputy assistant secretary for cyber- and information security. "The primary reason is that the patching [with] the Microsoft security patch initiated in April worked," he said.

There were also reports that a handful of House and Senate offices experienced problems early in the week, but the problems were quickly resolved.

-- Frank Tiboni and Sarita Chourey contributed to this article.


  • Federal 100 Awards
    Federal 100 logo

    Nominations for the 2021 Fed 100 are now being accepted

    The deadline for submissions is Dec. 31.

  • Government Innovation Awards
    Government Innovation Awards -

    Congratulations to the 2020 Rising Stars

    These early-career leaders already are having an outsized impact on government IT.

Stay Connected