Nimda promises to rival Melissa, Code Red

By Alastair Otter, Journalist, Tectonic
Johannesburg, 19 Sept 2001

The latest worm to wreak havoc on the online world is called Nimda, and judging by reports from the US, the worm promises to be even more destructive than Code Red.

While some administrators are reporting activity on their networks equivalent to the Melissa virus, all the major anti-virus vendors have issued updates to their products to protect against the worm.

However, Jako Voges, marketing manager at Symantec South Africa, says the company has not received overwhelming reports of the worm although it has categorised the worm as high .

SecureData, local agent for the Trend Micro range of anti-virus products, also issued a warning early this morning, saying that Nimda is a rapidly spreading worm known as PE_NIMDA.A, NIMDA.A or W32/Nimda.A@mm.

The company says the worm has three modes of propagation: spreading through e-mail, shares and through servers with IIS installed. The worm spreads itself through IIS servers using the IIS Web Directory Traversal exploit.

When spreading through e-mail, the mail typically arrives with an attachment readme.exe and then drops a file labelled meXXX.tmp.exe into the C:\Windows\Temp directory. This temp file contains the file attachment sent by the worm.

Local administrators have reported substantial activity on their networks, although most have already protected their systems against the worm.

Praxis Computing administrator Paul Meintjies says the company has seen substantial activity on its network in the past few hours. He notes that the level of activity rivals that of the Melissa virus, which brought a large portion of the world to a standstill last year. Meintjies says that all but two of the sites the company administers are running anti-virus software, and that the two not running anti-virus software have been taken down.

According to Meintjies, Nimda poses a high threat as, while many worms only replicate through one channel, the latest worm uses both e-mail and IIS servers.

Voges comments that the Nimda worm is very similar to the Code Blue worm that struck a few weeks ago, although it uses slightly different methods. He adds that the relatively low local incidence of the Nimda worm so far is probably related to the fact that it first struck with full force during the day in the US. By the time SA had started the working day, most system administrators and users were already aware of the Nimda threat.

Voges says the sector most likely to be affected will be the small and medium-sized businesses that do not already have extensive protection strategies in place. He explains that most large organisations were already aware of the worm early this morning and had applied the necessary filters and patches.
