Nimda: Swiss army knife attack on Net

Users have been advised to update their Internet Explorer 5.0 and 5.5 Web browsers and IIS Web servers immediately to reduce the effect of Nimda, the latest destructive Net virus.

The Nimda virus infects all 32-bit Windows PCs and replicates itself across the Internet via e-mail attachments and Web sites.

Anti-virus software firm McAfee has advised all users to install the SP2 Internet Explorer service pack from Microsoft. The company also said that system administrators need to make sure they are running the 15 August 2001 Cumulative Patch for IIS from Microsoft.

"It looks like they've made a Swiss Army Knife," said Roger Thompson, technical director of malicious code at TruSecure, a network security service provider. The worm, called Nimda (admin spelled backwards), can spread via e-mail attachments, Hypertext Transfer Protocol (HTTP) or across shared hard disks inside networks, Thompson said.

Thompson claims that Nimda can infect all 32-bit Windows systems - Windows 98, 2000, Millennium Edition, XP, NT - because it scans systems for between 10 and 100 different vulnerabilities and exploits them when found.

"Every Win32 system is vulnerable," he said.

The virus attacks Web servers in a similar way to Code Red but the effect appears to be far more destructive. "(Nimda) is certainly much faster, much more aggressive and much bigger" than Code Red, Thompson said. The Code Red worm caused a good deal of damage and consternation for systems administrators worldwide in July.

Though Code Red did not ultimately have an impact on Internet performance despite some initial claims to the contrary, Thompson claims that Nimda could affect the Internet's performance.

System administrators who have been keeping up with security patches need not worry, said Jim Desler, a spokesman for Microsoft. As far as Microsoft understands the situation, the latest Outlook patch fixes any problems that Nimda exploits, he said. The same is true for the cumulative Internet Information Server (IIS) patch, released earlier in the summer, Desler said.

The FBI does not currently believe that the worm is related to last week's terrorist attacks in New York and Washington, according to a statement released on 18 September.
