NIMDA WORM MAY BE PEAKING, HARD TO TRACK.
(Reuters) - The outbreak of the Nimda computer worm, which has spread rapidly across the Internet, appeared to have peaked on Wednesday for the powerful server machines that drive the Web, but the number of infected PCs may never be known, computer security experts said.
Nimda, a versatile program that spreads itself by e-mail and Web surfing, also targets personal computers, a twist that has allowed it to spread faster and made it harder to track, analysts said.
The self-replicating bug, which scans networks for uninfected computers, threatens to slow the performance of the Internet and e-mail even though it does not erase files or damage systems, experts said.
"Since late yesterday the number of infected Web servers has come down," said Joe Hartmann, director of North American anti-virus research for Trend Micro, a Cupertino, California-based computer security company. "A lot of users have upgraded and done what they need to do to take care of the problem."
Shortly before 10 a.m. PDT on Tuesday, The Cooperative Association for Internet Data Analysis, or CAIDA, part of UC San Diego's Supercomputer Center, had logged 150,000 infected computer servers and PCs worldwide. But by late afternoon Wednesday, that figure had dropped to about 66,000.
"The fact that there's been a 50 percent reduction in less than 24 hours is an amazing improvement over Code Red," said David Moore
Still, the mere presence of the worm has forced some companies to shut down parts of their networks to prevent infection or further exposure. The highest concentration of infected systems was in Canada, Denmark, Italy, Norway, the U.K. and the United States, said Chip Mesec, head of product marketing for San Mateo, California-based SecurityFocus.
"Anyone looking at traffic from this thing is likely only seeing a leg of the elephant," said Alan Paller, director of research at the SANS Institute, an education institute for network and computer security in Bethesda, Maryland.
It was still too soon to tell with any certainty where the worm had originated, and it may still take several days to weeks for computer-security experts to piece that together. Moreover, many computers and PCs may still be infected but are now cut off behind firewalls.
Internet security experts had warned of the potential for an increase in invasive computer programs after last week's attacks on the World Trade Center and Pentagon, but U.S. authorities have said there was no sign of a direct link to those events.
The worm first appeared in the United States Tuesday, spread to Asia overnight, and thousands of European businesses opened business on Wednesday with infected computer systems.
The worm, the name of which spells admin backward, sends infected e-mail by culling addresses from a user's e-mail program. It infects Web sites and PCs whose users surf those Web sites, and the e-mail bearing the Nimda worm contains an attachment called "readme.exe," which harbors the malicious program.
The attack could prove to be more widespread and damaging than the Code Red infections of July and August, which caused an estimated $2.6 billion in damage, because Nimda appears to have been designed to spread quickly among PCs connected to a single network and not just servers, security experts said.
Market researcher Computer Economics Wednesday put the damage caused by Nimda at $530 million, although that could increase. The firm added that automated anti-virus updating processes, which are becoming more popular among businesses and consumers, helped keep the damage down.
Some companies have opted to take some portion of their computer network offline from the Internet while they make sure that it has not been infected, he said.
Intel Corp., the world's largest chipmaker, for example, jumped on the issue early on Tuesday, and its security team moved quickly to install e-mail filters to catch the worm, a company spokesman said, adding that it had not been hit but that e-mail had slowed due to the installation of the filters.
Nimda exploits an already detected vulnerability in Microsoft's Internet Information Server Web software running on Windows NT or 2000 machines, the same breach that the Code Red worms exploited. This time though, experts say, it seeks to infiltrate a server by identifying one of 16 access points.
Once Nimda infects a machine, it tries to replicate in three ways. It has its own e-mail engine and will try to send itself out using addresses stored in e-mail programs. It also scans IIS servers looking for the known vulnerability and attacks those servers. Finally, it looks for shared disk drives and tries to reach those devices.
"It's like a person with a disease saying, 'Come and kiss me,'" Paller said. "It's going to be very hard to get rid of."
Patches are available for both the IIS vulnerability and Web browsers at http://www.microsoft.com/security. The major anti-virus software companies updated their products to detect the Nimda worm Tuesday and made new versions of their programs available to customers on their Web sites.
"The only safe way to recover if your machine is compromised from this event is to unplug from the network and reload all the software and apply the latest security patches," said Roman Danyliw, Internet security analyst with the CERT Coordination Center.