Virus prompts partial EPA shutdown
- By Elana Varon
- Nov 10, 1996
last week a computer virus wiped out files in an estimated 600 workstations in the mid-Atlantic region of the Environmental Protection Agency and disabled up to two dozen other computers causing the agency to shut down its network operations in the region on Thursday.
Jim Newsom deputy associate regional administrator at regional headquarters in Philadelphia said the shutdown primarily affected word processing applications and use of electronic mail. None of the agency's national databases were affected by the virus he said nor apparently did it attack the regional office's network servers.
The virus which first appeared at the EPA's Wheeling W.Va. office on Wednesday evening went undetected by three levels of virus detection software Newsom said. When systems managers could not contain the problem overnight they shut down their local-area networks.
"We're just getting a handle on it right now " said Edward Kratz a LAN expert with the EPA. Kratz said the agency has not determined how the virus got into the system. "Someone may have downloaded something from the Internet or someone may have a contaminated floppy disk " he said.
Kratz said the virus has been identified as a Mutation Engine (MTE).
Anti-Virus Software Questioned
According to Winn Schwartau an information security consultant MTE is not a virus but it causes other viruses to mutate.
"If their scanning software didn't detect it they probably need updated scanning software or [they need] to buy from a different manufacturer " he said. "There is a possibility that there is a new strain of a virus that has not been detected by everybody yet but looking at their scanning software is the first thing I would do."
EPA officials said the mid-Atlantic region uses anti-virus software developed by the agency's National Computer Center Research Triangle Park N.C. as well as Intel Corp.'s LANDesk software. Kratz said however that the agency is not sure yet whether a specific package is to blame. "My concern is we don't arbitrarily say the software didn't work " he said.
According to the EPA technicians from the National Computer Center have been dispatched to Philadelphia to install updated software.
Brett Miller a technical marketing manager with Intel said that according to a call received by the company's support desk from the EPA on Friday the version of LANDesk that the agency is using is about 2 years old. He said the current version of the product and an upgrade due out this month detect polymorphic viruses such as MTE.
Virus Believed Contained
Newsom said he believes the virus was contained within the mid-Atlantic region but he said he could not be sure.
"We don't think it happened that there was much transfer of files when this happened but we cannot totally discount it " he said. "We don't know the full extent of this."