Technicians on Okinawa say they have Zotob worm under control
August 24, 2005
CAMP FOSTER, Okinawa — It was a long, exasperating weekend for computer technicians on Okinawa battling a worm that infected the Marine Corps’ intranet system.
“We’ve had 47 people fighting this around the clock — 24/7 — since Thursday,” said John McKnight, site manager for Electronic Data Systems, the contractor that maintains the Navy Marine Corps intranet system.
“It’s affected computers on all of our bases,” McKnight said Monday.
McKnight said computer problems on Okinawa were noticed early Thursday morning. The worm, known as Zotob, began to infect computer systems in the United States using the Windows 2000 operating system within days of Microsoft’s Aug. 9 announcement of a vulnerability fix in the system’s plug-and-play features.
Worms are malicious programs that replicate until storage space on a computer is filled, slowing network speeds and forcing individual computers to reboot and shut down.
Andrew Leist, an assistant administrator for EDS on Okinawa, said there was no serious breach of security in the Marine system on Okinawa.
“The major impact we’ve seen is slowing the system down,” he said. “Most typically, what a computer user will see is that his machine is real, real slow.”
Leist said EDS was kept jumping through the weekend to deal with variations of the Zotob worm.
“There have been 11 variations so far,” he said. “But we are in the tail end of cleaning up now. The big issue today is that a lot of users didn’t leave their computers on when they left work for the weekend. We should be in decent shape by Tuesday.”
Zotob and its variants apparently affected only systems using Windows 2000.
“For example, Kadena (Air Base) uses Windows XP, so they were OK,” Leist said.
EDS was awarded a $4.1 billion contract in 2000 to consolidate, upgrade and manage the Navy and Marine Corps intranet system worldwide. But while that upgrade is continuing, the old way of doing things made the Okinawa system vulnerable.
“Because we are a military network, we can’t apply security patches until we get permission from the Marine Corps Network Operations (in Quantico, Va.),” Leist said. “That process can take longer. We saw Microsoft’s release of the patch, but our hands were tied. We had to wait for permission from the proper channels.”
“That won’t be such a problem in the future,” McKnight said. “Starting in November we’ll be putting a new system in place. Once it’s up and running everything will automatically be patched in, precluding this kind of a problem in the future.”
On Monday EDS issued a notice to users of Marine Corps computers on Okinawa to leave their computers on and connected to the network when they left for the day. Leist said users who work from home should also ensure that their personal computers have up-to-date protection.
“All DOD home users are authorized to use DOD-provided virus software for free,” he said. “But it’s up to the individual user to download the upgrades. If you are unsure about what you need, ask your system administrator or go to www.cert.mil and download the antivirus [software].”
Users also can call the EDS/NMCI Help Desk at 117.