Virus Alert: The new Worm.

  • Thread starter Tom M
Home PCs at most risk from Nimda
Antivirus experts say that most businesses now have a handle on blocking Nimda infections. It's home users--and their lax security protection--that have them worried.

By Robert Lemos, ZDNet News

As antivirus experts complete a more detailed analysis of the Nimda worm and companies clean up their networks on Wednesday, several security groups are worried that home computer users will not secure their PCs.
A coalition of government security officials and antivirus software industry experts released a warning to home computer users on Wednesday morning to take Nimda--and the security of their computer systems--seriously.

Nimda--which is "admin," the shortened form of "system administrator," spelled backwards--started spreading early Tuesday morning and quickly infected PCs and servers across the Internet. Also known as Readme.exe and W32.Nimda, the worm is the first to use four different methods to infect not only PCs running Windows 95, Windows 98, Windows Me and Windows 2000, but servers running Windows 2000 as well.

The worm spreads by e-mailing itself as an attachment, scanning for--and then infecting--vulnerable Web servers running Microsoft's Internet Information Server software, copying itself to shared disk drives on networks, and appending JavaScript code to Web pages that will download the worm to Web surfers' PCs when they view the page.

The e-mail attachment will open automatically under Microsoft's Outlook e-mail program if the program's security settings are at "low" and a security patch has not been installed. On PCs that don't use Outlook, the worm can still spread using its own e-mail engine, but it won't execute automatically.
 
In addition, the worm generates an avalanche of Internet traffic when it scans local chunks of the Internet for vulnerable servers to which it can spread. The automated scanning caused many connectivity problems for businesses on Tuesday.

"It seems to randomly be going through every IP (address) of my network," said Ian Neubert, director of information services for online telecommunications equipment seller TWAcomm, which found itself inundated with scans from infected machines. "This is ridiculous."


By midday Tuesday, each of TWAcomm's IP addresses had seen upwards of 9,000 scans from infected machines.

Other companies' Web servers had become infected with the worm, putting at risk any PC user viewing a Web page hosted on such a server.

A representative of network-protection service Counterpane Internet Security said that several of its customers' servers had to be shut down to clean them of the Nimda worm. Security services firm Neohapsis also confirmed that a Fortune 500 client's network had been extensively infested with copies of the worm.

Antivirus firm Trend Micro upped the number of infections reported through its World Virus Tracking Center to 26,000 from 15,000 late Tuesday.

Yet most businesses seem to be controlling the infections, said Symantec's Weafer.

"They have a handle on the initial problem of blocking the virus," Weafer said. "Now it's recovery mode, and that can take weeks and months." Almost 700 customers reported incidents of infections to Symantec on Tuesday, he said, evenly split between businesses and home users.
 
It's those home users that have antivirus experts worried.

Owners of home PCs generally fall behind in securing systems with new software updates and the latest virus definitions for antivirus software, Weafer said.

"Yesterday, the large part of the problem was getting good analysis of the worm," he said. "Today, it's getting home users to protect their systems."

"Somehow, as the number of patches coming out is going up exponentially, the word has to get out to a larger number of people to apply the patches," he said. "In the end, it may be like automakers, with recalls and everything."

I just want to warn GTPlanet members about one of the fix programs running around out there. It's called Worm Guard, and it is supposed to keep up with new advances in worm-virus technology.

I'd rather have the worm, as it has wreaked more havoc on my PC than the Melissa virus did.
 
My company sure has... We got hit with the first worm, and now it seems we have been hit by the second!! Our company doesn't have the best virus protection... they refuse to spend money on such things!!! :lol:
 
Originally posted by Magic069
they refuse to spend money on such things!!! :lol:


Hopefully they've learned their lesson after being hit by 2 viruses...:(

Watch, they'll probably continue to refuse better virus protection...:P
 
Originally posted by Pako
Have you personally seen this worm in action?

Not this one, but I spent a great deal of time reading about the Code Red worm. I think it was bombarding the White House server (they moved IPs, but the old one was getting nailed) with about 350,000 different PCs pinging it every hour? These things are basically designed to use our, and corporate, PCs in a form of internet terrorism. When these bombard the server, it basically shuts the thing down. There's nothing that can be done; it's not a normal virus, it's just 350,000 computers accessing it every few seconds, effectively locking it up.
 
Word is... my company is just gonna get rid of it, and keep business as usual... no further virus protection!!! :eek: Hey, it's their computers, not mine!!! ;)
 