Advertisement
Promo

Online business Toolkit

Nimda resurgence falls flat

Robert Lemos, ZDNet.com ZDNet US

Published: 01 Oct 2001 09:01 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

A resurgence of the Nimda worm failed to materialize Friday, leaving unfulfilled warnings that several security companies made this week.

The e-mail component of the worm, which sends infected messages to each entry in an infected computer's Outlook address book, reactivates 10 days after the original infection. That part of the program had antivirus researchers and security experts worried that the Nimda worm was again set to spread quickly.

But Friday morning, 10 days after the first infections started to take hold, few signs heralded a return of the worm.

"We have been checking throughout the entire day, and we are not seeing anything," said John Harrington, director of marketing for e-mail filtering service MessageLabs. "Our gut feeling is that it is not going to happen."

According to MessageLabs' Web site, the company has detected fewer than 1,600 copies of the virus since the start of the epidemic 10 days ago.

Nimda -- which is "admin," the shortened form of "system administrator," spelled backward -- started spreading Sept. 18 and quickly infected PCs and servers around the world. Also known as "readme.exe" and "W32.Nimda," the worm is the first to use four different methods to infect not only PCs running Windows 95, 98, Me and 2000, but also servers running Windows 2000.

The worm spreads by e-mailing itself as an attachment, scanning for and then infecting vulnerable Web servers running Microsoft's Internet Information Server software, copying itself to shared disk drives on networked PCs, and appending JavaScript code to Web pages that will download the worm to surfers' PCs when they view the page.

The e-mail component of the worm sends Nimda-infected messages every 10 days, counting from when the victim was originally infected. Since the virus is thought to have started early in the afternoon of 18 September, the first new e-mails should have started going out early on Friday.

Only a few infected computers may be left, however.

Anti-virus software maker Trend Micro said that while some companies reported infections Friday, the number is still low.

"We've seen a few infections in organizations that haven't done a complete cleaning, but it's limited," said company spokeswoman Susan Orbuch.

Furthermore, compromised servers and PCs without Outlook installed will only have a limited number of e-mail addresses to which to send messages. The worm also scans the browser cache on computers for saved Web pages that contain e-mail addresses and sends infected messages to those addresses as well.

Servers that aren't used to browse the Internet will not have such a cache.

See the Viruses and Hacking News Section for the latest headlines.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read other letters.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
37 out of 80 people found this useful


In association with Network Liberation Movement

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Online business


Company/Topic Alerts

Create a new alert from the list below:






Sentry Posts Blog

Authentication risks all too human

Risks to successful online banking identification and authentication using smartcards involve a mixture of human and technological factors, according to the European Network and Information... More

1 comment

Opera censors Chinese content

Opera has updated the Chinese version of its mobile browser to stop users accessing restricted content. Opera Mini was updated on Friday from an international to a Chinese version,... More

2 comments

Symantec website breached

Security company Symantec has said that one of its websites was successfully breached. Romanian security researcher 'Unu' posted details of the breach in a blog post on Monday. Unu... More

Post a comment

Video icon

Video

Google Chrome

Roundup: Full coverage of Google Chrome

The search giant has launched a beta of its own open-source browser, sending a clear challenge to Microsoft in the way it lets users work with applications More

Blog: Google Chrome has Microsoft's code inside, says MS manager

And furthermore, he says, that's a good thing... More

Blog: Google Chrome — nine things we've found since launch

Google must be very happy with the coverage Chrome has gathered. But it's not all good news... More


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters