kain Posted September 19, 2001

WASHINGTON (AP) - Anti-virus researchers were fighting a new Internet attacker Tuesday similar to the "Code Red" worm that infected hundreds of thousands of computers several months ago.

The worm, known as "W32.Nimda," had affected "thousands, possibly tens of thousands" of targets by midday Tuesday, according to Vincent Gullotto, head virus fighter at McAfee.com, a software company.

Even when the attack isn't successful, the worm's scanning process can slow down the Internet for many users and can have the effect of knocking Web sites or entire company networks offline.

The FBI is investigating the worm, said spokeswoman Debbie Weierman. The agency has not indicated whether the worm is connected to last week's terrorism attacks.

On security e-mail lists, system administrators nationwide reported unprecedented activity related to the worm, which tries to break into Microsoft's Internet Information Services software. That software was the same targeted by Code Red, and is typically found on computers running Microsoft Windows NT or 2000. Most home users, including those running Windows 95, 98 or ME, are not affected.

Ken Van Wyk, chief technology officer at ParaProtect, said the worm tries to wriggle in through 16 known vulnerabilities in Microsoft's IIS, including the security hole left in some computers by the "Code Red II" worm, which followed Code Red in August. Code Red, by comparison, attacked through only one hole, which could be patched by downloading a program from Microsoft's Web site.

"It's causing enormous pain because it is at least an order of magnitude more aggressive than Code Red," said Alan Paller, director of research at the nonprofit Sans Institute. "It's a pretty vigorous attacker."

In addition to direct Internet attacks, the worm can also travel via e-mail. The e-mail message is typically blank, and contains an attachment called "README.EXE." Antivirus experts warn that users shouldn't open unexpected attachments.

Efforts to isolate and track the worm were hampered by the swiftness of the attack. Gullotto said the first report came at about 9 a.m. EDT, from a site in Norway.

"It's taken down entire sites," Gullotto said. "I can't even get to the Internet right now."

On Monday, the FBI's National Infrastructure Protection Center warned that a hacker group called the "Dispatchers" said they would attack "communications and finance infrastructures" on or about Tuesday.

"There is the opportunity for significant collateral damage to any computer network and telecommunications infrastructure that does not have current countermeasures in place," officials said in a warning on the NIPC Web site.

Last week, the FBI warned that there could be an increase in hacking incidents after the twin attacks in New York and Washington. They advised computer users to update their antivirus software, get all possible security updates for their other software, and be extra careful online.
Zaldron Posted September 19, 2001
It's about time...virus spreading won't exactly decrease. They're a blessing, actually. They show us security holes. It's up to the hackers to make them harmless or devastating.
Arioch Posted September 19, 2001
*sigh* By all indications, every single one of the exploits used with this latest worm has already been patched, even the "running executable from e-mails" one (which is more of a social engineering problem) if you're using Outlook. Why people don't keep up with the patches and the software upgrades is quite beyond me.
Zaldron Posted September 19, 2001
Beats me. I just don't understand why people would like to read a README.EXE from a blank mail. Worst thing is that guys who know nothing do that, and we are the ones forced to repair their comps. ;)
Naked Snake Posted September 19, 2001
Good god, another virus? Yes, and it's "worse than code red". Ph33r this lame virus. Most people who make viruses are idiots (actually they are intelligent but they are jerks) that shit on their comps all day looking at porn and making gay viruses.
læmænt Posted September 19, 2001
Beats me. I just don't understand why people would like to read a README.EXE from a blank mail. Worst thing is that guys who know nothing do that, and we are the ones forced to repair their comps. ;)
Zaldron, you might be interested in this ;)
Is it true, as it says on Slashdot, that "Web servers compromised by this worm apparently attach a "readme.eml" to all web pages served... and due to a bug in IE5, it will automatically execute the file"? That doesn't sound real...
Xenoman Posted September 19, 2001
This virus has shown its effect on my comp already. I can't play games online because the ping has increased to 200 (And I have broadband). The comp is loading more resources (I can HEAR that). It's all shit.
Captain Red Posted September 19, 2001
horra! i'm immune! my puta's so shit that it carn't run virus!!!
Xenoman Posted September 19, 2001
Heh, keep your comp like that in a week or so and you'll be fine?
Executor666 Posted September 19, 2001
This is why I swear by Windows 98 Second Edition. BTW, LOOK! IT'S ARIOCH! HIS FIRST POST IN MONTHS!!! W00t!!!
Xenoman Posted September 19, 2001
Argh, I should've started using Linux a looong time ago. :/
Arioch Posted September 19, 2001
This is why I swear by Windows 98 Second Edition. BTW, LOOK! IT'S ARIOCH! HIS FIRST POST IN MONTHS!!! W00t!!!
Open that attachment and you're still fucked. :) ... doesn't matter what e-mail client you use btw.
Arioch Posted September 19, 2001
That's even more irritating, hehe. Oh and Xenoman, quit it or face the consequences.
Xenoman Posted September 19, 2001
Oh and Xenoman, quit it or face the consequences.
Now what's the problem???
DooMBoy Posted September 19, 2001
H4r h4r h4r.......thank goodness I have Windows 98.......
Crendowing Posted September 19, 2001
Most home users, including those running Windows 95, 98 or ME, are not affected
WRONG!!!!. The computers at my school run on Win98, and they're suffering from the virus.
Crendowing Posted September 19, 2001
I took a look at that "ThinkGeek.com" place, and I bookmarked it! That kind of place is what I've been looking for!
Crendowing Posted September 19, 2001
How retarded is this? I think the virus e-mail got sent to my Hotmail account. Sender's name, according to it, was "Hahahaha....". OK, here's my question. Who in his or her right mind would open any e-mail where it had a sender like that? This goes to whoever sent that e-mail to me: YOU'RE A DUMBARSE!!!!!!!
læmænt Posted September 19, 2001
This virus has shown its effect on my comp already. I can't play games online because the ping has increased to 200
HAHAHAHAHAHAH loser!!!!! :P I almost never have ping below 200, and I'm on cable. That doesn't prevent me from playing though :P