New, complex Internet worm slows in U.S.

By D. Ian Hopper

Associated Press

WASHINGTON – As American companies recovered from the latest Internet worm, the complex “Nimda” program struck companies around the world, shutting down sites in Norway, Japan and elsewhere.

The virus-like program spreads rapidly through many ways to infect computers running Microsoft’s Windows operating system.

Nimda seemed to be abating in the United States early Wednesday. The worm is still active, but many system administrators are seeing it less.

“We are still seeing some activity, but it doesn’t seem to be quite as active,” said Vincent Gullotto, McAfee.com’s head virus researcher.

Experts implored computer users to update their antivirus software and visit Microsoft’s Web site to download protective software before reading their e-mail or visiting other Web sites.

Gullotto said the worm wasn’t as active in Europe or the Middle East, but more so in Asia and Australia. However, he said there is no geographic bias programmed into the worm, and researchers still aren’t sure where it came from.

Several researchers noted that the first reports of the worm came almost exactly a week after the twin terrorist attacks in Washington and New York. But Attorney General John Ashcroft has said there is no evidence linking the worm to last week’s attacks.

The malicious software program is designed to spread to people who open infected e-mail or visit an infected Web site. The program also generates more traffic on the Web, slowing down users.

Every major antivirus company has updated software that can detect and remove Nimda.

Microsoft has provided several different updates for both Web servers and home computers on its Web site.

Major sporting sites in Norway, including the Norwegian Sports Federation site, were knocked offline Tuesday night when their Web provider was infected.

In Japan, Tsuru Credit Union spokesman Takao Ide said the bank – which is west of Tokyo – shut down its Web site after finding it infected with the program.

After the shutdown, the bank suspended accepting account settlements and transfers of funds by customers via the Internet, Ide said.

Several other Japanese entities were suspected of being hit by the computer worm, including Yamanashi Gakuin University, the Kyodo News agency and the Chunichi newspaper.

The Swedish government was forced to quarantine some government computers after they were infected.

The worm can spread in many different ways. It can infect Web sites running Microsoft’s Internet Information Services software, like the recent “Code Red” worm did. Once a Web site is infected, any Web user accessing it can get the worm.

Once one computer on a company network is infected, it can also travel across the network to attack others. Together, this can cause an entire corporate network to be infected if even a single worker visits an infected Web site.

Finally, it can send itself through an e-mail attachment. The sender address is faked, and may be a well-known address. Researchers said they weren’t sure how the address is generated. The attachment may be named “README.EXE.”

In addition to the hailstorm of junk messages slowing down Internet access around infected computers, it can overwrite critical Microsoft Windows system files, requiring a costly and time-consuming repair.

The only clues to Nimda’s origin are the words “Copyright 2001 R.P.China,” which indicates a possible – but far from definite – link to China. Also, the words “Concept virus,” appear.

Researchers say the worm could have been built as a proof of concept to see how it performs.

“It’s apparently a pretty effective one,” Gullotto said.

Alan Paller, director of research at the Sans Institute, a computer security think tank, said Nimda is far more efficient and powerful than the “Code Red” worm, which hit in July and August.

“Each time we turn over a rock, there’s another … way it weaves itself in,” Paller said. “This one’s going to be with us a long time.”

On the Net: Microsoft Security Update: http://www.microsoft.com/technet/security/topics/nimda.asp

McAfee.com: http://www.mcafee.com

Sans Institute: http://www.sans.org

Copyright ©2001 Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

Talk to us

> Give us your news tips.

> Send us a letter to the editor.

> More Herald contact information.

More in Local News

Customers enter and exit the Costco on Dec. 2, 2022, in Lake Stevens. (Olivia Vanni / The Herald)
Costco stores could be impacted by looming truck driver strike threat

Truck drivers who deliver groceries and produce to Costco warehouses… Continue reading

Two Washington State ferries pass along the route between Mukilteo and Clinton as scuba divers swim near the shore Sunday, Oct. 22, 2023, in Mukilteo, Washington. (Ryan Berry / The Herald)
Ferry system increases ridership by a half million in 2024

Edmonds-Kingston route remains second-busiest route in the system.

Pharmacist Nisha Mathew prepares a Pfizer COVID booster shot for a patient at Bartell Drugs on Broadway on Saturday, Oct. 1, 2022, in Everett, Washington. (Ryan Berry / The Herald)
Everett lawmakers back universal health care bill, introduced in Olympia

Proponents say providing health care for all is a “fundamental human right.” Opponents worry about the cost of implementing it.

x
Edmonds police shooting investigation includes possibility of gang violence

The 18-year-old victim remains in critical condition as of Friday morning.

Outside of the updated section of Lake Stevens High School on Thursday, Feb. 27, 2020 in Lake Stevens, Wa. (Olivia Vanni / The Herald)
Lake Stevens, Arlington school measures on Feb. 11 ballot

A bond in Lake Stevens and a levy in Arlington would be used to build new schools.

Robin Cain with 50 of her marathon medals hanging on a display board she made with her father on Thursday, Jan. 2, 2025 in Lake Stevens, Washington. (Olivia Vanni / The Herald)
Running a marathon is hard. She ran one in every state.

Robin Cain, of Lake Stevens, is one of only a few thousand people to ever achieve the feat.

People line up to grab food at the Everett Recovery Cafe on Wednesday, Dec. 4, 2024 in Everett, Washington. (Olivia Vanni / The Herald)
Coffee, meals and compassion are free at the Everett Recovery Cafe

The free, membership-based day center offers free coffee and meals and more importantly, camaraderie and recovery support.

Devani Padron, left, Daisy Ramos perform during dance class at Mari's Place Monday afternoon in Everett on July 13, 2016. (Kevin Clark / The Herald)
Mari’s Place helps children build confidence and design a better future

The Everett-based nonprofit offers free and low-cost classes in art, music, theater and dance for children ages 5 to 14.

The Everett Wastewater Treatment Plant along the Snohomish River on Thursday, June 16, 2022 in Everett, Washington. (Olivia Vanni / The Herald)
Everett water, sewer rates could jump 43% by 2028

The rate hikes would pay for improvements to the city’s sewer infrastructure.

The bond funded new track and field at Northshore Middle School on Thursday, Oct. 24, 2024 in Bothell, Washington. (Courtesy of Northshore School District)
Northshore School District bond improvements underway

The $425 million bond is funding new track and field complexes, playgrounds and phase one of two school replacements.

Lake Stevens Sewer District wastewater treatment plant. (Lake Stevens Sewer District)
Lake Stevens sewer district trial delayed until April

The dispute began in 2021 and centers around when the city can take over the district.

A salmon carcass lays across willow branches in Edgecomb Creek on Thursday, Jan. 30, 2025 in Arlington, Washington. (Olivia Vanni / The Herald)
Tribes: State fish passage projects knock down barriers for local efforts

Court-ordered projects have sparked collaboration for salmon habitat restoration

Support local journalism

If you value local news, make a gift now to support the trusted journalism you get in The Daily Herald. Donations processed in this system are not tax deductible.