The Nimda worm that spread through the Internet last week is believed to have infected around 2.2 million machines worldwide, and the cost of cleaning up in its wake is estimated at around $370 million.
The ongoing cost, however, could be substantially higher, with some researchers estimating that the total cost could increase by another $200 million over the coming weeks.
Nimda follows close on the heels of Code Red, another Internet worm that brought business to its knees a few weeks ago, and at least one group of researchers is suggesting it may be time for business to look at alternatives to Microsoft's Web server platform. Gartner points out that the current Internet Information Server (IIS) from Microsoft requires almost weekly updates and is under constant attack.
The virulent Nimda worm, believed to derive its name from the reverse spelling of 'Admin', was relatively short-lived, reaching its peak in the US last Tuesday and dropping to less than half the infections by Thursday.
Nimda, known as a "rollup worm" because it bundles together a number of known exploits against IIS, the Internet Explorer browser and Microsoft operating systems such as Windows 2000 and Windows XP, first struck the Internet community on Tuesday last week, spreading rapidly through IIS servers and e-mail. Nimda opened backdoors on IIS servers, paving the way for further penetration, but its biggest toll was felt by network administrators whose servers were at times flooded with attempts by the worm to gain access.
Local network administrators reported thousands of hits against their servers every hour and some, such as Paul Meintjies, an administrator for local company Praxis Computing, said they expect the worm to rival the destruction wreaked by the Melissa virus last year.
In a report issued shortly after the attack by Nimda, Gartner noted it is time that enterprises investigate alternatives to IIS, including moving Web applications to other Web servers such as iPlanet and Apache.
John Pescatore, Information Security Strategies analyst at Gartner, said products such as iPlanet and Apache have much better security records and are not under constant and active attack. The report said the company was concerned that "viruses and worms will continue to attack IIS until Microsoft has released a completely rewritten, thoroughly and publicly tested, new release of IIS. Sufficient operational testing should follow to ensure that the initial wave of security vulnerabilities has been uncovered and fixed."