The Nimda virus, which caused havoc around the world last week,
will cost businesses more to clean up than any virus attack so
far.
Although Nimda has spread more slowly than the Love Bug and
Homepage viruses, it is causing far more damage to the
organisations it strikes.
Nimda, which was first detected in Korea on Tuesday afternoon last
week, has hit businesses in at least 15 countries. It has been
particularly active in the UK, the US and Hong Kong.
"The organisations affected on Tuesday are still clearing up. The
virus has not spread as far as other viruses but those companies
that have been hit, have been hit badly," said Alex Shipp,
anti-virus technologist at Message Labs.
Some large City firms put their IT teams up in hotels while staff
worked around the clock to repair their IT infrastructure. Other
businesses had to close down their computer systems
completely.
The virus, the most sophisticated to date, targets Microsoft
systems and leaves a trail of infected computer files in its wake.
Analysts are advising companies to restore damaged files from
back-ups, rather than attempting to repair them using anti-virus
software.
Nimda e-mails itself to all of the addresses in a user's address
book and searches caches to find further addresses. "It is quite
ferocious in that way," said Graham Cluley, senior technology
consultant at anti-virus firm Sophos.
Unlike Code Red, which infects Web sites with propaganda, Nimda
infects them with malicious Javascript. People accessing the site
are automatically infected unless they have patched their browsers.
It can also travel via shared networks and users can be infected
even if they do not use Microsoft Internet Information
Server.
However, firms could have avoided infection if they had used the
available patches and adopted "safe computing methods", said
Cluley. "You should never have been hit by Nimda," he said.
To protect themselves, firms should block certain file types, such
as double extensions; stop e-mailing word documents, which can
contain Macro viruses - use rich text format instead; view Word
files with Wordview; and update patches.