Ironworks Gaming Forum - View Single Post - Did I luckily escape infecting all of you with an internal virus??

Staralfur · 09-19-2001, 12:52 PM

Something on the BBC website.

A Windows worm that tries almost every trick in the book to infect computers is steadily spreading across the net.
The malicious program, named Nimda, attacks both personal computers, network servers. The virus can even be contracted just by browsing webpages generated by infected servers.

It spreads by plundering address books to generate lists of recipients it can send itself to, looks for common loopholes in some versions of Windows web server software and uses hijacked machines to search for more targets.

Although spreading quickly experts said the worm was unlikely to cause widespread disruption, but they warned people to be on their guard.

Infection invitation

"The reason it's become so widespread is because it not only travels via e-mail but it contaminates web sites as well," said Graham Cluley, senior technical consultant for Sophos Antivirus.

Once it has infected a web server the Nimda Windows worm scans the net for machines that have not installed patches for well-known vulnerabilities. It looks for the loophole that Code Red exploited as well as 16 others.

It can affect machines running Windows 98, 95, Me, NT and 2000.

The worm may cause disruption to some networks because it makes infected machines carry out up to four times as many scans as those compromised by Code Red.

Infected machines also hide a copy of the virus on the webpages they display. Browsing these pages with certain unpatched versions of Internet Explorer will mean that machine is infected.

According to the Computer Emergency Response Team some browsers will automatically run the downloaded file.

The Nimda worm also uses other methods to spread. It scans webpages for e-mail addresses and sends a message to that site with a copy of the worm attached.

It can also interrogate copies of a program called Microsoft Exchange that many companies use as a "post office" for the e-mail and messaging systems that their staff use.

Attacking terrorism

E-mail messages generated by the worm have a random subject line and attach a file plucked randomly from the hard drive of an infected PC. Riding alongside the attachment is a copy of the virus.

The worm can also copy itself to any shared directories it finds on networks it has compromised.

"This one is the Swiss Army knife of worms," said Dan Ingevaldson, a spokesman for Internet Security Systems. "It really seems to try everything."

Although the networks within some businesses have become clogged by the scanning activities of infected machines and e-mail messages they are generating, experts do not think Nimda will cause widespread disruption.

Since the Code Red scare in August many vulnerable machines have been patched and far fewer are now at risk.

The panic over Code Red began when a variant of the original worm infected more than 250,000 machines in only a few hours. Analysis after the outbreak revealed that the web traffic jams attributed to Code Red were due to a train crash in a tunnel that severed key net cables.

Although some hackers have targeted websites seen as sympathetic to the terrorists behind last week's attack on the World Trade Centre US Attorney General John Ashcroft said there was no sign that the release of Nimda was another retaliatory attack.

"There is no evidence at this time which links this infection to the terrorist attacks of last week," he said.

The FBI also warned that a group of hackers calling themselves the Dispatchers were set to launch attacks "against organisations associated with the perceived perpetrators of the 11 September, 2001 terror attacks."

The FBI said the group was targeting computer systems used by communications and finance firms and said they would ramp up their activities Tuesday 18 September.

09-19-2001, 12:52 PM	#4
Staralfur Baaz Draconian Join Date: April 8, 2001 Location: Nottingham, UK Age: 45 Posts: 786	Something on the BBC website. A Windows worm that tries almost every trick in the book to infect computers is steadily spreading across the net. The malicious program, named Nimda, attacks both personal computers, network servers. The virus can even be contracted just by browsing webpages generated by infected servers. It spreads by plundering address books to generate lists of recipients it can send itself to, looks for common loopholes in some versions of Windows web server software and uses hijacked machines to search for more targets. Although spreading quickly experts said the worm was unlikely to cause widespread disruption, but they warned people to be on their guard. Infection invitation "The reason it's become so widespread is because it not only travels via e-mail but it contaminates web sites as well," said Graham Cluley, senior technical consultant for Sophos Antivirus. Once it has infected a web server the Nimda Windows worm scans the net for machines that have not installed patches for well-known vulnerabilities. It looks for the loophole that Code Red exploited as well as 16 others. It can affect machines running Windows 98, 95, Me, NT and 2000. The worm may cause disruption to some networks because it makes infected machines carry out up to four times as many scans as those compromised by Code Red. Infected machines also hide a copy of the virus on the webpages they display. Browsing these pages with certain unpatched versions of Internet Explorer will mean that machine is infected. According to the Computer Emergency Response Team some browsers will automatically run the downloaded file. The Nimda worm also uses other methods to spread. It scans webpages for e-mail addresses and sends a message to that site with a copy of the worm attached. It can also interrogate copies of a program called Microsoft Exchange that many companies use as a "post office" for the e-mail and messaging systems that their staff use. Attacking terrorism E-mail messages generated by the worm have a random subject line and attach a file plucked randomly from the hard drive of an infected PC. Riding alongside the attachment is a copy of the virus. The worm can also copy itself to any shared directories it finds on networks it has compromised. "This one is the Swiss Army knife of worms," said Dan Ingevaldson, a spokesman for Internet Security Systems. "It really seems to try everything." Although the networks within some businesses have become clogged by the scanning activities of infected machines and e-mail messages they are generating, experts do not think Nimda will cause widespread disruption. Since the Code Red scare in August many vulnerable machines have been patched and far fewer are now at risk. The panic over Code Red began when a variant of the original worm infected more than 250,000 machines in only a few hours. Analysis after the outbreak revealed that the web traffic jams attributed to Code Red were due to a train crash in a tunnel that severed key net cables. Although some hackers have targeted websites seen as sympathetic to the terrorists behind last week's attack on the World Trade Centre US Attorney General John Ashcroft said there was no sign that the release of Nimda was another retaliatory attack. "There is no evidence at this time which links this infection to the terrorist attacks of last week," he said. The FBI also warned that a group of hackers calling themselves the Dispatchers were set to launch attacks "against organisations associated with the perceived perpetrators of the 11 September, 2001 terror attacks." The FBI said the group was targeting computer systems used by communications and finance firms and said they would ramp up their activities Tuesday 18 September.