Government department spreads e-mail virus

A Federal Government network has inadvertently distributed a virus to mailing list subscribers.

The virus was sent with the AusLig national mapping newsletter.

AusLig is a civilian cartographic and remote sensing division of Geoscience Australia, part of the Federal Department of Industry, Tourism and Resources.

A spokesperson for the Minister Ian McFarlane was more forthcoming, confirming that infected files had indeed been sent out by Geoscience Australia with a disgruntled "yep".

The spokesperson said Geoscience Australia was "getting legal advice on the situation, and who is accountable, and if there are avenues they can pursue; the service has been moved in-house ... most of the work over there is contracted out." The minister's office refused to comment on or reveal whether IT security had been given to an outsourcer or who the outsourcer may be.

A "report of sorts" on the incident is expected within a fortnight.

According to documentation obtained by Computerworld, the attack occurred between 4pm on November 8 and 5am on November 9, when the plug was pulled on the miscreant machine.

AusLig mailing list subscribers were sent an e-mail with the subject header "CSDMS" and an attachment named "README.EXE". Firewall rejection notices describe the malicious code contained in the attachment as the W32/Brid-A (Sophos) virus, more commonly known as the Bride X e-mail worm.

A press release on November 18 confirmed the e-mail newsletter suffered from a virus attack: "This virus caused a number of problems both to the service and the transmissions of e-mails, resulting in a number of warning messages being sent many times to some subscribers."

Geoscience Australia corporate branch general manager Tony Robinson apologised to subscribers but declined to comment on whether the Defence Signals Directorate (DSD) had been informed in line with government information security incident reporting protocol.

Computerworld understands that Geoscience Australia shares satellite imaging information with the Department of Defence's spy satellite unit, the Australian Imagery Organisation (AIO).

Symantec's regional manager for security response, David Banes, said there had been no noteworthy increase in Bride X activity recently and patches were available.

Umar Goldeli, director of incident response and enterprise security firm Universal Defence, warned that extra care had to be taken with mailing list security. "These incidents often have wide-ranging impacts, as there is always an unspoken but implied level of trust between a mailing list and its subscribers," he said. "The utmost care should be taken where an organisation handles a large collection of personal information, including e-mail addresses, especially organisations which must diligently adhere to the Privacy Act and the national privacy principles."

The launch pad for the attack has been traced to a since-terminated IP address hosted by an ISP based in Bombay, India, although more specific detail on who is responsible is typically scant.
