Nimda worm costs firms dear

The Nimda virus, which caused havoc around the world last week, will cost businesses more to clean up than any virus attack so...

The Nimda virus, which caused havoc around the world last week, will cost businesses more to clean up than any virus attack so far.

Although Nimda has spread more slowly than the Love Bug and Homepage viruses, it is causing far more damage to the organisations it strikes.

Nimda, which was first detected in Korea on Tuesday afternoon last week, has hit businesses in at least 15 countries. It has been particularly active in the UK, the US and Hong Kong.

"The organisations affected on Tuesday are still clearing up. The virus has not spread as far as other viruses but those companies that have been hit, have been hit badly," said Alex Shipp, anti-virus technologist at Message Labs.

Some large City firms put their IT teams up in hotels while staff worked around the clock to repair their IT infrastructure. Other businesses had to close down their computer systems completely.

The virus, the most sophisticated to date, targets Microsoft systems and leaves a trail of infected computer files in its wake. Analysts are advising companies to restore damaged files from back-ups, rather than attempting to repair them using anti-virus software.

Nimda e-mails itself to all of the addresses in a user's address book and searches caches to find further addresses. "It is quite ferocious in that way," said Graham Cluley, senior technology consultant at anti-virus firm Sophos.

Unlike Code Red, which infects Web sites with propaganda, Nimda infects them with malicious Javascript. People accessing the site are automatically infected unless they have patched their browsers. It can also travel via shared networks and users can be infected even if they do not use Microsoft Internet Information Server.

However, firms could have avoided infection if they had used the available patches and adopted "safe computing methods", said Cluley. "You should never have been hit by Nimda," he said.

To protect themselves, firms should block certain file types, such as double extensions; stop e-mailing word documents, which can contain Macro viruses - use rich text format instead; view Word files with Wordview; and update patches.

Read more on Data centre hardware

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.