USATODAY.com - Nimba called most serious Net attack on business

+++ to secure your transactions use the Bitcoin Mixer Service +++

Markets

Investor Research

Mutual funds screener

Get a Quote

Managing Money

Columns and tips

Financial calculators

Calendars

Special Sections

Interactive

Click here to get the Daily Briefing in your inbox

09/25/2001 - Updated 09:43 PM ET

Nimba called most serious Net attack on business

By Jon Swartz, USA TODAY

SAN FRANCISCO — The Nimda computer worm won't go away.

The worm, which surfaced in the USA last week, has wiggled into more than 1 million computers in the USA, Europe and Asia, clogging Internet traffic and resulting in computer shutdowns for some firms.

"It's the most serious Internet attack on the business community," says Jack Danahy, vice president of server security at WatchGuard Technologies.

Nimda, a sophisticated program that spreads through Web sites and e-mail, also targets personal computers. That allows it to spread faster and makes it harder to track, security experts say.

"It is persistent, and we don't see it going away," says Dan Ingevaldson, a researcher at Internet Security Systems. "The potential target is orders of magnitude larger than Code Red. Anyone who uses an Internet Explorer Web browser or e-mail is susceptible."

Experts say Nimda could inflict more damage than the Code Red worm, which first surfaced in July and cost firms an estimated $2.4 billion in cleanup costs.

Although security experts warned of the potential for an increase in computer virus activity after the Sept. 11 terrorist attacks, U.S. Attorney General John Ashcroft said there was "no evidence" of a link between it and Nimda.

Nimda is particularly damaging, experts say, because it combines the most successful features of previous computer viruses, such as Code Red, "Kournikova," "ILOVEYOU" and "Melissa."

Among those hit: Siemens, US Bancorp Piper Jaffray, Booz Allen & Hamilton and General Electric.

"It's a major problem," says Maribeth Luftglass, assistant superintendent of information technology at Fairfax County Public Schools in Virginia, where the worm shut down several hundred computers last week. The system was repaired, but only after the district installed anti-virus software on 70,000 PCs.

Like Code Red, Nimda exploits a vulnerability in Microsoft's Internet Information Server Web software running on Windows NT or Windows 2000 machines. Market researcher Gartner has advised businesses to "immediately" replace their Microsoft IIS software, which handles Web applications, with a more secure server application.

"Using Internet-exposed IIS Web servers securely has a high cost of ownership," the Gartner report says.

"Nimda has again shown the high risk of using IIS and the effort involved in keeping up with Microsoft's frequent security patches."

But security experts say such a drastic move to alternative Web server software could be more disruptive than fixing Microsoft IIS with a software patch.

Microsoft spokesman Jim Desler says Gartner's report overlooks the fact that all Web platforms are vulnerable to attacks.

"IIS is as secure as other Web server products," he says.