New Brunswick: Nimda Cripples Government Computers


CBC

The worm that has slowed the Internet to a crawl has put New Brunswick's government computer system out of business.

Computer experts warn that Nimda – which is "admin" spelled backwards – might be the beginning of more worms and viruses.

Vincent Gullotto, head virus fighter at software company McAfee, said that by midday Tuesday, Nimda had affected "thousands, possibly tens of thousands" of targets.

The impact of Nimda on New Brunswick has shut down such services as vehicle licence registration.

Similar to the Code Red worm that hit computers in August, the worm tries to break into Microsoft's Internet Information Services software, which is typically found on computers running Microsoft Windows NT or 2000.

The worm can slow down the Internet for many users and knock Web sites or whole networks off-line. It has the capability to spread through e-mail, or to computers accessing infected Web sites.

Experts recommend people be extremely careful using the Internet, especially for such functions as Web banking.

Most home users, including those running Windows 95, 98 or ME, are not affected.

Computer technologists have been on the lookout for Web-based terrorism since last week's attacks on the World Trade Centre and the Pentagon. But U.S. Attorney General John Ashcroft said there's no evidence of a link between this Internet infection and last week's violence.

Claude Dufrane, director of computing services at the University of Ottawa, says right now, there's a heightened awareness for cyber-sabotage.

"We constantly are on the lookout for attacks on our system," he said. "They're frequently more of a recreational type than a serious threat, but nonetheless we treat them seriously."

-- Rachel Gibson (rgibson@hotmail.com), September 19, 2001

Answers

Nimda computer virus hits NAB

Sep 20

Mandy Bryan and George Lekakis


The National Australia Bank has blamed the virulent and multi-faceted Nimda worm for severe outages that struck its internet trading, online and telephone banking systems as well as some ATMs yesterday.

NAB was just one of hundreds of Australian businesses bogged down - and in some cases brought down - by Nimda, which has been dubbed the Swiss Army knife of computers because of its multi-pronged methods of propagation.

However, angry business customers of the bank said yesterday that they had been experiencing problems with NAB's internet banking service since Tuesday morning.

"We were unable to get payments through the online merchant facilities in the last two days," one Melbourne-based businessman said.

"We're an internet-only business, so this has been a nightmare for us."

The bank said last night that it had contained the outbreak, that all services had returned to normal and that customer data had not been compromised by the attack.

Nimda creates vulnerabilities of its own. Its name spells "admin" backwards, because of the backdoor it creates on infected machines that gives hackers "administrator" access to a network, according to the Australian Computer Emergency Response Team, AusCERT.

"Nimda does have a payload. If you are infected, the network is vulnerable to a confidentiality attack at a later stage," said AusCERT's threat assessment manager, Ms Kathryn Kerr.

Unlike Code Red, which only attacked web servers but which still had an estimated clean-up bill of $US2.6 billion ($5.2 billion), Nimda infected a variety of services and clients, multiplying the financial ramifications, Ms Kerr said.

And whereas Code Red largely attacked business systems, consumers were also vulnerable to Nimda because of its ability to propagate through email.

The virus, which attacked thousands of users overseas on Tuesday night, has struck at a time when companies have been on alert for a wave of cyber-terrorist attacks following last week's US bombings.

IT analyst Gartner predicts that as the US wages its war against terrorism, "hactivism" attacks will be rife across the world wide web.

Hackers have reportedly already attacked websites connected to Afghanistan's Taliban rulers and other Islamic nations.

But while the FBI has begun investigations, Nimda is not believed to be connected to last week's attacks.

Nimda duplicates itself via email when an attachment called README.EXE is opened. It is also spread by those browsing infected websites. It capitalises on a number of vulnerabilities in Microsoft's IIS webserver software, including those left by its predecessor, Code Red II, from where it launches attacks on other web servers.

Like Code Red, Nimda can also affect internet performance as it scans, but AusCERT said this did not affect web traffic in Australia yesterday.

Anti-virus vendors were scrambling yesterday to provide software updates for their customers.

Mr Paul Ducklin, the head of global support for Sophos Anti-Virus, said phones were running hot as people reported infections or sought protection from the threat.

According to Mr Ducklin, the multi-faceted virus requires a multifaceted response. Companies needed to ensure their web server was patched, that their anti-virus software was updated and to check for infected web pages, he said.

http://afr.com/it/2001/09/20/FFXGDOG0SRC.html

-- Martin Thompson (mthom1927@aol.com), September 19, 2001.

