Nimda Virus Continues to Spread

NEW YORK — The Nimda computer worm continued to spread Thursday as virus experts called it one of the worst bugs in history.

The worm, which gained steam Tuesday, is spreading itself via e-mail, Web browsers and corporate networks. It has clogged servers and slowed traffic on many corporate networks, and has infected thousands of home personal computers. The worm is designed to resend itself every 10 days if it isn’t deleted. In addition, it can turn computers into zombies that can be used to launch future denial-of-service attacks on Web sites.

Virus experts have learned the worm can modify files on PCs and expose files to intruders, said Bill Pollack, spokesman for the Computer Emergency Response Team Coordination Center, a federally funded group at Carnegie Mellon University in Pittsburgh that monitors Internet security.

The worm appears to be widespread. The Web site of Corp., an antivirus software provider, has conducted free scans of about 180,000 PCs in the last 24 hours, said April Goostree, virus-research manager. Some 35% of them were infected with the worm.

“I would consider it spreading at a fairly rapid rate, although not as rapid as Tuesday,” Ms. Goostree said.

Mikko Hypponen, manager of antivirus research at F-Secure Corp., a Finnish firm, said Nimda ranks among the five most serious viruses ever.

One particularly insidious effect is that Nimda has created a drag within corporate networks. “The worst effect caused by the worm is an actual increase in traffic, especially inhouse in corporations,” Mr. Hypponen said. “Networks are slowing down.”

Besides e-mail, one way Nimda spreads is from PC to PC on shared systems. It makes these systems less secure, particularly within a company. Unless the worm is deleted, an employee could conceivably gain access to the files of any other employee, Mr. Hypponen said.

Nimda infects PCs and servers running various versions of Microsoft Corp.’s Windows operating systems.

“This is being considered one of the worst seen so far in terms of its impact,” and because it is so widespread, said Robert Vibert, the moderator of the Anti-Virus Information Exchange Network’s Web site. The not-for-profit Web-based organization is made up of computer-security specialists for business, educational and government organizations world-wide. Mr. Vibert said the gist of the postings on the site Wednesday was: “Who wasn’t impacted? Who didn’t get hit?”

Although Nimda uses multiple approaches to infect a computer system, Mr. Vibert said that in most cases, information-technology specialists can apply a “patch or fix and reboot servers” within an hour or so of identifying the virus, or at least isolate infected computers for future repair.

Mr. Vibert said that “because [Nimda] is Internet-based, you can’t stop it. So it’s still out there,” and will show up in unprotected computers for months to come.

Several companies acknowledged being affected by Nimda, but said the worm hasn’t substantially disrupted business.

Ford Motor Co. spokesman Pete Olsen said, “We were affected Tuesday, but it was nothing major and did not disrupt [production], and we’re back to normal today.”
Mr. Olsen didn’t know the numbers of Ford workstations that may have been infected with the virus, but said it wasn’t significant.

Eric Apodca, a spokesman for General Motors Corp.’s Information Systems and Services unit, said GM “has seen the virus in different parts of the company, but the overall impact has been minor to insignificant” due to antivirus precautions. “There was no major business disruption at all.”

Gerald Isaacson, an information-security officer at the Massachusetts Institute of Technology in Cambridge, which has a huge computer network, said, “We didn’t have much problems here because we got our antivirus updates out early and warned people not to open attachments. As of last night, we weren’t sending any Nimda mail out of MIT, so it means there were no infections on campus” that were replicating infected e-mail.

“The only impact is that the network has been slow,” Mr. Isaacson said.

Copyright (c) 2001 Dow Jones & Company, Inc. All Rights Reserved.