Malware knocks out U.S. Marshals Service network

Malware Wednesday crippled Windows-based computer systems at the U.S. Marshals Service, which hunts federal fugitives and operates the country's witness protection program, knocking the agency’s network offline.

The agency's press office confirmed it was having network problems and that its e-mail system was down this morning, but it was unclear if the outage extended across the entire network.

The press office said a statement would be issued today, but has yet to be released.

Per government regulations agencies are required to report security incidents to the US-Computer Emergency Readiness Team (US-CERT). A call to CERT was not returned by press time.

It was not clear if the malware was the cause of the network outage or if the agency took down systems to stem the spread of what was believed to be the Neeris worm, which saw a new version appear last month that copies Conficker's evil ways.
The agency was running desktop malware software, but it had not been updated for more than three years even though the agency had paid for upgrades to newer versions that protect against Neeris. In addition, Microsoft has issued two patches, one in 2006 and one in October, to close holes in its software exploited by Neeris.

The agency's Web site was up and running this morning, but a receptionist in the press office said "the agency's whole e-mail system is down, and the agency is unable to receive e-mail."

Later, another press office staffer confirmed that there were network problems.

Members of the agency's IT staff were communicating with vendors via Gmail accounts as they attempted to work through the issue.

The U.S. Marshals Service, a division of the Department of Justice, is the oldest federal law enforcement agency and has served the country since 1789.

There was no word if the problems had spread to the DOJ or to other agencies under the DOJ.

The U.S. Marshals Service has approximately 4,901 employees, which includes 94 U.S. marshals and 3,324 deputy U.S. marshals and criminal investigators. The agency's fiscal 2008 budget was $864 million.

There were reports that the agency was hit with the Neeris worm, which infects desktops and can enable a remote user to execute malicious commands on the affected system.

Neeris and its variants are capable of propagating using multiple avenues including network shares and removable drives, via software vulnerabilities in servers to propagate across networks, and via Microsoft's instant messaging clients.
Trend Micro lists the risk rating for Neeris as "Low" but the damage potential as "High."

Michael Sweeny, global public relations director for Trend Micro, said the U.S. Marshals Service had contacted his company last night for help with its network issues.

He did not detail what those problems were and said he had not heard anything about Neeris being the culprit.

But Trend Micro's daily statistics on Neeris worm infections showed a spike from 7 p.m. to 8 p.m. May 20 that rose from nearly zero to 700 computers. Another smaller spike of about 100 computers was detected from 6 a.m. to 7 a.m. this morning (May 21).