Update: Navy says intranet hit by worm but still functioning

Computerworld - WASHINGTON -- The Navy confirmed late today that its multibillion-dollar Navy/Marine Corps Intranet (N/MCI) was hit by a variant of the Blaster worm.
Earlier in the day, the Navy had said the network had been taken off-line possibly by a combined onslaught of the Blaster worm variant and Sobig.F Internet worms, which were spreading fast on the Internet (see story). But the impact was apparently much less severe.
Nicolle Rose, a Navy spokeswoman, said the N/MCI was first affected by the Blaster variant, also known as W32.Welchia.Worm, Blast.D and Nachi, at 3:05 p.m. yesterday. "The attack affected only the unclassified portion of the N/MCI network, has been contained, and cleanup is in progress," Rose said.
According to an official Navy statement on the incident released this afternoon, the U.S. Naval Network Warfare Command, along with the Navy's prime contractor on the program, Electronic Data Systems Corp., worked with antivirus vendor Symantec Corp. to develop and deploy fixes.
"Symantec released a signature file for Welchia late Monday, and EDS began installing the patch within minutes of its availability. However, by the time the patch became available, many N/MCI workstations had already been affected," the Navy statement said. "Since then, new virus definitions have been inserted at all server farms."
Kevin Clarke, a spokesman for Plano, Texas-based EDS, said early characterizations of the N/MCI "being down or broken [were] not accurate."
"We successfully defended against Blaster, but we're not sure how [Welchia] got into the system," said Clarke, whose company recently characterized the N/MCI as the most secure network in all of government. "What we had was intermittent delays in e-mail getting out to the external Internet and access in getting to some of the shared drives on the network," Clarke said. "But individual desktops still work. All of the protocols we have in place worked properly."
The Sobig.F worm also arrived at NMCI user desktops, but the Navy's antivirus software successfully stripping the infected e-mail attachments, Navy spokesman Ken Jarvis said. However, the high volume of junk e-mail stemming from the Sobig.F worm has been only a minor problem for users, he said.
N/MCI is a $6.9 billion IT outsourcing contract, often referred to as seat management, that will give the Navy and Marine Corps secure, universal access to integrated voice, video and data communications. EDS won the contract in October 2000. However, technical difficulties, deployment delays and user complaints have hampered the program since its inception.
In other news related to the Blaster variant, Symantec Security Response upgraded its rating