New, complex Internet worm slows in U.S.

By D. Ian Hopper

Associated Press

WASHINGTON – As American companies recovered from the latest Internet worm, the complex “Nimda” program struck companies around the world, shutting down sites in Norway, Japan and elsewhere.

The virus-like program spreads rapidly through many ways to infect computers running Microsoft’s Windows operating system.

Nimda seemed to be abating in the United States early Wednesday. The worm is still active, but many system administrators are seeing it less.

“We are still seeing some activity, but it doesn’t seem to be quite as active,” said Vincent Gullotto, McAfee.com’s head virus researcher.

Experts implored computer users to update their antivirus software and visit Microsoft’s Web site to download protective software before reading their e-mail or visiting other Web sites.

Gullotto said the worm wasn’t as active in Europe or the Middle East, but more so in Asia and Australia. However, he said there is no geographic bias programmed into the worm, and researchers still aren’t sure where it came from.

Several researchers noted that the first reports of the worm came almost exactly a week after the twin terrorist attacks in Washington and New York. But Attorney General John Ashcroft has said there is no evidence linking the worm to last week’s attacks.

The malicious software program is designed to spread to people who open infected e-mail or visit an infected Web site. The program also generates more traffic on the Web, slowing down users.

Every major antivirus company has updated software that can detect and remove Nimda.

Microsoft has provided several different updates for both Web servers and home computers on its Web site.

Major sporting sites in Norway, including the Norwegian Sports Federation site, were knocked offline Tuesday night when their Web provider was infected.

In Japan, Tsuru Credit Union spokesman Takao Ide said the bank – which is west of Tokyo – shut down its Web site after finding it infected with the program.

After the shutdown, the bank suspended accepting account settlements and transfers of funds by customers via the Internet, Ide said.

Several other Japanese entities were suspected of being hit by the computer worm, including Yamanashi Gakuin University, the Kyodo News agency and the Chunichi newspaper.

The Swedish government was forced to quarantine some government computers after they were infected.

The worm can spread in many different ways. It can infect Web sites running Microsoft’s Internet Information Services software, like the recent “Code Red” worm did. Once a Web site is infected, any Web user accessing it can get the worm.

Once one computer on a company network is infected, it can also travel across the network to attack others. Together, this can cause an entire corporate network to be infected if even a single worker visits an infected Web site.

Finally, it can send itself through an e-mail attachment. The sender address is faked, and may be a well-known address. Researchers said they weren’t sure how the address is generated. The attachment may be named “README.EXE.”

In addition to the hailstorm of junk messages slowing down Internet access around infected computers, it can overwrite critical Microsoft Windows system files, requiring a costly and time-consuming repair.

The only clues to Nimda’s origin are the words “Copyright 2001 R.P.China,” which indicates a possible – but far from definite – link to China. Also, the words “Concept virus,” appear.

Researchers say the worm could have been built as a proof of concept to see how it performs.

“It’s apparently a pretty effective one,” Gullotto said.

Alan Paller, director of research at the Sans Institute, a computer security think tank, said Nimda is far more efficient and powerful than the “Code Red” worm, which hit in July and August.

“Each time we turn over a rock, there’s another … way it weaves itself in,” Paller said. “This one’s going to be with us a long time.”

On the Net: Microsoft Security Update: http://www.microsoft.com/technet/security/topics/nimda.asp

McAfee.com: http://www.mcafee.com

Sans Institute: http://www.sans.org

Copyright ©2001 Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

Talk to us

> Give us your news tips.

> Send us a letter to the editor.

> More Herald contact information.

More in Local News

A Flock Safety camera on the corner of 64th Avenue West and 196th Street Southwest on Oct. 28, 2025 in Lynnwood, Washington. (Olivia Vanni / The Herald)
Everett seeks SnoCo judgment that Flock footage is not public record

The filing comes after a Skagit County judge ruled Flock footage is subject to records requests. That ruling is under appeal.

Information panels on display as a part of the national exhibit being showcased at Edmonds College on Nov. 19, 2025 in Lynnwood, Washington. (Olivia Vanni / The Herald)
Edmonds College hosts new climate change and community resilience exhibit

Through Jan. 21, visit the school library in Lynnwood to learn about how climate change is affecting weather patterns and landscapes and how communities are adapting.

Lynnwood City Council members gather for a meeting on Monday, March 17, 2025 in Lynnwood, Washington. (Olivia Vanni / The Herald)
Lynnwood raises property, utility taxes amid budget shortfall

The council approved a 24% property tax increase, lower than the 53% it was allowed to enact without voter approval.

Lynnwood
Lynnwood hygiene center requires community support to remain open

The Jean Kim Foundation needs to raise $500,000 by the end of the year. The center provides showers to people experiencing homelessness.

Logo for news use featuring Snohomish County, Washington. 220118
Vending machines offer hope in Snohomish County in time for the holidays.

Mariners’ radio announcer Rick Rizzs will help launch a Light The World Giving Machine Tuesday in Lynnwood. A second will be available in Arlington on Dec. 13.

UW student from Mukilteo receives Rhodes Scholarship

Shubham Bansal, who grew up in Mukilteo, is the first UW student to receive the prestigous scholarship since 2012.

Roger Sharp looks over memorabilia from the USS Belknap in his home in Marysville on Nov. 14, 2025. (Will Geschke / The Herald)
‘A gigantic inferno’: 50 years later, Marysville vet recalls warship collision

The USS Belknap ran into the USS John F. Kennedy on Nov. 22, 1975. The ensuing events were unforgettable.

Logo for news use featuring Snohomish County, Washington. 220118
Snohomish County man files suit against SIG SAUER over alleged defect in P320

The lawsuit filed Monday alleges the design of one of the handguns from the manufacturer has led to a “slew of unintended discharges” across the country.

The Everett City Council on Oct. 22, 2025 in Everett, Washington. (Olivia Vanni / The Herald)
Everett approves $613 million budget for 2026

No employees will be laid off. The city will pause some pension contributions and spend one-time funds to prevent a $7.9 million deficit.

Police are failing to solve most violent crimes in WA

Over 49,000 incidents remain unsolved since 2022, including murders, rapes and robberies.

Police respond to a wrong way crash Thursday night on Highway 525 in Lynnwood after a police chase. (Photo provided by Washington State Department of Transportation)
Driver who killed Lynnwood woman sentenced to 27 years

Robert Rowland struck and killed Trudy Slanger, 83, while fleeing from police on April 11, 2024, after allegedly kidnapping his girlfriend and threatening to “skin her” alive.

Light Up Your Holidays will take place 4-7 p.m. Saturday in Stanwood, 8727 271st St. NW. (Photo by Lisa J. Bruce Photography)
Stanwood is lighting up the holidays

The city’s annual tree lighting event is scheduled for Saturday, with food, reindeer, music and Santa.

Support local journalism

If you value local news, make a gift now to support the trusted journalism you get in The Daily Herald. Donations processed in this system are not tax deductible.