Computer Worm Attack Spreading

Tuesday, 18 September 2001 12:00 AM

The CERT Coordination Center, an organization at Carnegie Mellon University in Pittsburgh that studies computer vulnerabilities and acts as an information clearinghouse, issued an updated warning Tuesday afternoon on the "W32.Minda" or "W32.nimda" virus. CERT's latest analysis of the virus shows it will alter Web pages that are hosted on an infected server and use the programming language JavaScript. These pages will in turn infect the PC of anyone accessing them.

"Many sites are experiencing high loads of e-mail and network traffic as a result of this activity," the CERT notice said.

The first reports of both the virus and the increased malicious scanning attempts, where the virus seeks new computers to infect, surfaced at about 9 a.m. EDT Tuesday, said Ken Van Wyk, president of ParaProtect, a computer security company in Centreville, Va. Van Wyk told UPI it took only minutes for the e-mails and scanning behavior to show up across the company's client base, as well as at the home computers of its employees.

An attachment in Microsoft Outlook e-mails appears to be the source of all the activity, Van Wyk said, although the company hasn't yet had a chance to analyze a copy of the e-mail. Opening the attachment, named "readme.exe," apparently forces the computer to run a program searching for 16 known security holes in Microsoft Internet Information Server software, he said.

IIS is the program targeted by the "Code Red" and "Code Red II" worms earlier this summer -- although the two Code Red worms only infected Windows NT and 2000 servers that control Web sites. The "readme.exe" virus, on the other hand, affects any Windows-based personal computer running Outlook, Van Wyk said.

Harris Miller, president of the Information Technology Association of America, told UPI the virus's use of e-mail threatens a much larger audience, including home users, than the Code Red incidents. U.S. Attorney General John Ashcroft said at a press conference Tuesday the impact of the virus could turn out to be heavier than Code Red, but there is no link between the virus and last week's terrorist attacks.

The National Infrastructure Protection Center, an FBI organization coordinating the nation's cybersecurity effort, is also monitoring the situation, said Deborah Weierman, an FBI spokeswoman. NIPC put out an alert Monday, saying it expected increased distributed denial of service attacks (such as Code Red) related to a group of hackers who threatened vigilante action against those responsible for last week's attacks. ITAA's Harris and other computer industry executives said there's no clear link between the virus and that alert, however.

The "Code Red" occurrences prompted most companies to install fixes to IIS, so infection rates on Web servers appear to be low, Van Wyk said. The Internet Security Alliance, a computer-industry-based counterpart to CERT, is also reviewing the attack's potential impact on the Web as a whole, said Don Skillman, the ISA's director of Internet policy. The alliance expects its analysis will reveal a minimal to medium impact, Skillman told UPI, since most of the targeted systems seem to be protected.

The attack does set a dangerous precedent, though, according to Ian Hameroff, business manager for security solutions at Computer Associates, a software vendor in Islandia, N.Y. "One thing that's interesting about this virus … is that it really doesn't have a destructive payload," Hameroff told UPI. "It might be viewed as (a preview) of what may come next, that someone may be looking to try this as a proof of concept. Now is definitely the appropriate time to evaluate (computer) security policies within your organization and make sure you have the tools to enforce that."

Copyright 2001 by United Press International. All rights reserved.

© 2019 Newsmax. All rights reserved.

   