Nimda still a global threat

North America, Europe and Australia are hit hardest by a computer worm that has brought many corporate networks to a grinding halt.

Robert Lemos Staff Writer, CNET News.com
The multifaceted Nimda worm continued to spread over the weekend, hitting North America on average five times harder than any other region.

Antivirus company Trend Micro's World Virus Tracking Center reported that 120,000 new infections were detected worldwide in a 24-hour period ending noon Monday PDT, bringing the total number of copies of the Nimda worm found by Trend Micro to 1.3 million.

"With most of our corporate customers, we are really in cleanup mode," said Trend Micro spokeswoman Susan Orbuch, adding that the numbers indicate it's one of the largest epidemics that the antivirus firm had ever seen. "It's hard to explain the spike. Many corporations could be directing their end users to our (online) House Call service to clean their home PCs."

Because the online report only includes the number of viruses and worms detected by Trend Micro's online virus scanner and the company's managed network software, its numbers are generally only a small fraction of total infections.

Nimda--which is "admin," the shortened form of "system administrator," spelled backwards--started spreading early Tuesday morning and quickly infected PCs and servers across the Internet. Also known as readme.exe and W32.Nimda, the worm is the first to use four different methods to infect not only PCs running Windows 95, 98, Me and 2000, but also servers running Windows 2000.

The worm spreads by e-mailing itself out as an attachment, scanning for--and then infecting--vulnerable Web servers running Microsoft's Internet Information Server software, copying itself to shared disk drives on business intranets and appending JavaScript to Web pages that will download the worm to a surfer's PC when they view the page.

While the worm does not delete data, Nimda does overwrite a number of files and spreads to shared computer hard disks, allowing it to wreak havoc on home computers and networks.

North American PC users and companies accounted for almost two-thirds of all infections. Yet companies and home users worldwide were hit hard, with those in Europe making up 13 percent of compromised PCs, Australia accounting for 9 percent and Asia totaling 7 percent.

Dutch consumer electronics conglomerate Philips Electronics suspended access to the Web and its entire local network last week after several company computers were found to be infected, reported ITworld.com on Monday. While the company allowed employees back on the network within 24 hours, it took almost a week for the company's network administrators to feel secure enough to connect the company's employees to the Internet.

On Friday, Morgan Stanley issued a note explaining that the Nimda virus was affecting its ability to distribute research notes to clients, according to Reuters. "We expect the situation to be resolved in the next couple of days," the bank said in the note.

The Korea Information Security Agency announced last week that the total number of reported Nimda infections surpassed 5,000. The agency estimated that only 1 out of every 20 infections is actually reported, placing the total number of compromised PCs at 100,000.

Reuters contributed to this report.