Air Force News

Task force takes DOD lead to stop computer virus

Released: 31 Mar 1999

WASHINGTON (AFPN) --The Defense Department's new computer defense team worked all weekend to inform employees of a new macro virus and instruct them on how to fix it.

The Joint Task Force-Computer Network Defense and its components, including the military service Computer Emergency Response Teams and the Defense Information Systems Agency's DOD CERT, have been working 24 hours a day since March 26 after learning of the "Melissa" virus. The JTF and its components wanted to ensure informational bulletins were out to DOD employees before they returned to work March 29.

"By 7 a.m. EST on Saturday, our components had advisory bulletins distributed throughout the world and posted to the Web, informing employees about the virus, what it was, and what action to take if they received the virus or were already infected," said Army Col. Larry Frank, director of operations, JTF-CND. "In addition to technical fixes, the components also placed log-on banners on their systems to alert employees when they logged on to their computers."

The quick reaction seems to be working.

"We continue to revise and update our advisories as new information becomes available," said Frank. "Luckily, the department reacted quickly to this and we were not hit as hard as we could have been. Unlike previous incidents where we started out behind, this time the standing JTF structure, with its service components, gave us a way to react quickly and get out ahead of the situation. This was a successful joint team effort."

The advisories contain a summary of the virus, what it does, information on the latest signature files from the Norton and McAfee antivirus software programs and what to do if users receive an infected file. Both antivirus programs are available to DOD users through a DOD-wide software enterprise license. Users are also told to delete any messages they receive like this and not to open the attachment.

"Melissa" is a Microsoft Word 97 and Word 2000 macro virus transmitted as an attachment to an e-mail message. The virus has a subject line that reads "Important message from ." The body of the e-mail says "Here is the document you asked for....don't show it to anyone else ;)." If the e-mail user opens the attachment and uses the Outlook or Outlook Express e-mail client, the virus sends itself to the first 50 addresses in the user's address book. The virus will also store the macro in the system's "" template, generally the one used for everyday use, and the action could be repeated in future documents.

The virus, if activated, also turns off Microsoft Office's macro protection, which can leave users more vulnerable to future viruses. It is recommended that users check and re-activate their macro protection after cleansing their systems.

This virus can be a dangerous nuisance, but it does not do permanent damage.

"If people are properly informed and know the appropriate actions to take, the threat is minimized significantly. That's why it was so important to take rapid action to blanket DOD with information on a virus like this," said Frank.

The JTF was established Dec. 30 and is the first DOD-wide organization of its kind to be the focal point for defending DOD networks and systems.


* Defense Information Systems Agency
* Department of Defense
* U.S. Army