Wednesday, September 19, 2001

‘Nimda’ spells havoc
for some Internet users

The computer worm could infect
some machines simply
by opening an e-mail

Star-Bulletin staff and wire reports

A damaging new computer worm spread like wildfire across the Internet yesterday, hitting both home PC users and commercial servers, in an outbreak that could prove more widespread and costly than the Code Red viruses, computer security experts said.

Known as "Nimda," which spells "admin" backward, the worm spreads by sending infected e-mails and through infected Web sites, making it a more malicious and versatile virus than earlier Internet threats, experts said.

Locally, a number of services and users connected with the University of Hawaii system were affected in varying degrees while the city shut down its e-mail system for about 45 minutes to take care of "a minor infection."

The mass-mailing worm arrives in e-mail without a subject line and containing an attachment titled "readme.exe" that is disguised as a harmless audio file, experts said.

As of late yesterday afternoon, the worm had not significantly slowed overall traffic on the Internet, although a reported 130,000 Web servers and PCs had been infected and some corporate networks had bogged down, analysts said. Internet security experts warned of the potential for an increase in virus activity after last week's attacks on the World Trade Center and Pentagon, but U.S. Attorney General John Ashcroft said there was no sign the outbreak was linked to those events.

The origin of the virus was not clear, and experts said it could take weeks to find out.

If Microsoft Corp.'s Outlook e-mail program has not been patched with an update that became available in March, the recipient does not even need to open the e-mail attachment to activate the virus. Opening the e-mail itself is sufficient, said Vincent Weafer, senior director of Symantec Corp.'s Symantec Security Response unit.

Once Nimda infects a machine, it tries to replicate in three ways. It has its own e-mail engine and will try to send itself out using addresses stored in e-mail programs. It also scans Microsoft's Internet Information Services servers looking for the known vulnerability and attacks those servers. Finally, it looks for shared disk drives and tries to reach those devices, Symantec's Weafer said.

Locally, UH's statewide system was affected in varying degrees, according to David Lassner, the university's director of information technology services.

"Certain services were unavailable and certain users in certain parts of the network were affected," Lassner said.

In general, users at best saw some slowdowns while using the Internet, he said. "At worst, you couldn't do very much on the Internet at all."

Courtney Harrington, director of the city Department of Information Technology, said the city shut down all of its servers about midday.

"We had indications that (the worm) had gotten into our city's system," Harrington said. When officials checked, he said, "there was some minor infection."

Reuters News Service contributed to this report.

E-mail to City Desk

Text Site Directory:
[News] [Business] [Features] [Sports] [Editorial] [Do It Electric!]
[Classified Ads] [Search] [Subscribe] [Info] [Letter to Editor]

© 2001 Honolulu Star-Bulletin