Nimda called most serious Net attack on business
By Jon Swartz, USA TODAY
SAN FRANCISCO - The Nimda computer worm won't go away.
The worm, which surfaced in the USA last week, has wiggled
into more than 1 million computers in the USA, Europe and Asia, clogging Internet
traffic and resulting in computer shutdowns for some firms.
"It's the most serious Internet attack on the business
community," says Jack Danahy, vice president of server security at WatchGuard
Technologies.
Nimda, a sophisticated program that spreads through Web
sites and e-mail, also targets personal computers. That allows it to spread
faster and makes it harder to track, security experts say.
"It is persistent, and we don't see it going away," says
Dan Ingevaldson, a researcher at Internet Security Systems. "The potential target
is orders of magnitude larger than Code Red. Anyone who uses an Internet Explorer
Web browser or e-mail is susceptible."
Experts say Nimda could inflict more damage than the Code
Red worm, which first surfaced in July and cost firms an estimated $2.4 billion
in cleanup costs.
Although security experts warned of the potential for an
increase in computer virus activity after the Sept. 11 terrorist attacks, U.S.
Attorney General John Ashcroft said there was "no evidence" of a link between
the attacks and Nimda.
Nimda is particularly damaging, experts say, because it
combines the most successful features of previous computer viruses, such as
Code Red, "Kournikova," "ILOVEYOU" and "Melissa."
Among those hit: Siemens, US Bancorp Piper Jaffray, Booz
Allen & Hamilton and General Electric.
"It's a major problem," says Maribeth Luftglass, assistant
superintendent of information technology at Fairfax County Public Schools in
Virginia, where the worm shut down several hundred computers last week. The
system was repaired, but only after the district installed anti-virus software
on 70,000 PCs.
Like Code Red, Nimda exploits a vulnerability in Microsoft's
Internet Information Server Web software running on Windows NT or Windows 2000
machines. Market researcher Gartner has advised businesses to "immediately"
replace their Microsoft IIS software, which handles Web applications, with a
more secure server application.
"Using Internet-exposed IIS Web servers securely has a
high cost of ownership," the Gartner report says.
"Nimda has again shown the high risk of using IIS and the
effort involved in keeping up with Microsoft's frequent security patches."
But security experts say such a drastic move to alternative
Web server software could be more disruptive than fixing Microsoft IIS with
a software patch.
Microsoft spokesman Jim Desler says Gartner's report overlooks
the fact that all Web platforms are vulnerable to attacks.
"IIS is as secure as other Web server products," he says.