Malware Incidents on the Rise at IRSInspector General: 11 % of Servers Not Scanned Regularly Malware infecting Internal Revenue Service computers increased by 45 percent last year to 961 incidents, according to a Treasury Department inspector general's report.
Though IRS automatically scans workstations weekly for malware, only 89 percent of the agency's servers are scanned each week. The others were either scanned less often or not at all, the IG said. "The introduction of malware on servers is particularly risky because many users access them, making the spread of the malware to other computer systems more likely," wrote Michael Phillips, Treasury deputy inspector general for audit.
It's not that the IRS isn't taking steps to thwart malware. In fact, Phillips noted, the agency had adequately implemented many of the enhanced controls outlined in a December 2007 Treasury memorandum to block known malicious sites and prohibit administrator accounts from receiving e-mail from accounts outside of the department. The IRS is also adequately preventing access to online e-mail accounts outside of the Department for all user accounts, in compliance with its own policy.
Still, the IG said, the IRS hasn't fully enforced a department memorandum that prohibits administrators from using their administrator accounts to access the Internet unless authorized in writing by the agency's CIO or designee. The IG identified 63 administrator accounts that had accessed Internet websites 820 times in just a single week without the CIO authorization.
The IG recommended the IRS chief information office:
In responding to the IG audit, IRS management agreed to institute weekly automated antivirus scans of servers, as well as monitor for unauthorized administrator Internet access and use the security awareness training course required by Treasury that address the proper use of portable and removable devices.