Nimda virus causes havoc in Japan

Thursday, September 20, 2001 at 09:30 JST TOKYO — A new computer virus dubbed W32/Nimda was confirmed in Japan on Wednesday that has infected computers in the finance, farm and education ministries, local governments, companies, universities and news organizations including Kyodo News.

If infected computers are left untreated, the virus will destroy files and the volume of Intranet and Internet communication will increase exponentially, threatening network paralysis, antivirus firm Trend Micro Inc said.

W32/Nimda is considerably more virulent than past viruses, it said, adding that more than 20,000 computers around the world may have been affected by Wednesday evening.

The Information Technology Promotion Agency of Japan, which is affiliated with the Economy, Trade and Industry Ministry and monitors computer viruses, has been calling for caution against W32/Nimda.

It hit servers in the Agriculture, Forestry and Fisheries Ministry and the Education, Culture, Sports, Science and Technology Ministry, leading them to shut down their web sites.

The in-house computer network in the Finance Ministry was also infected with the virus, but the ministry's key network operations were not affected.

Also affected were local government computers in Tajimi in Gifu Prefecture in central Japan, Himi in Toyama Prefecture, Nagano Prefecture in central Japan, Mie Prefecture in western Japan, Miyagi Prefecture in northeastern Japan, and Saga Prefecture in southwestern Japan.

The education ministry said computers at five national universities were also affected by the virus. The universities affected were Ochanomizu University, Saitama University, Tokyo Institute of Technology, Kyoto University and Hyogo University of Teacher Education.

Also affected were servers for research in the city of Nagano, Yamanashi Gakuin University's web site and computers at Waseda University research facilities.

According to Yamanashi Gakuin University officials, when a staff member tried to access the university's web site before 9 a.m. Wednesday, a program was downloaded and the computer did not function properly.

Yamanashi Gakuin University in Yamanashi Prefecture, central Japan, stopped access to its Web site from users off campus and halted use of the computer network in a bid to assess the extent of damage, they said.

Computers at Sony Corp, Toshiba Corp and Fujitsu Ltd were also infected by the virus.

Tsuru Credit Union, also in Yamanashi Prefecture, was hit. It shut down its web site, making clients unable to deposit money or check their account balances online.

Meanwhile, Microsoft Corp's Internet connection service MSN was also found to be affected around 11 p.m. Tuesday.

The Nagoya-based Chunichi Shimbun Newspaper Publishing Co confirmed that some of its computers were infected late Tuesday, but added that there were no problems with publishing.

Some Kyodo News servers were infected, but its web sites and news transmissions are continuing without problems. Mainichi Newspapers Co said its photo database was hit, but its operations were not affected.

On Tuesday, U.S. Attorney General John Ashcroft warned that the virus could infect computers worldwide and that the U.S. Federal Bureau of Investigation is looking into whether it is linked with last week's terrorist attacks in the United States. Ashcroft said so far there is no evidence to suggest a connection.

But W32/Nimda could cause even more problems than the destructive Code Red virus that attacked computers around the world earlier this summer, Ashcroft added. (Kyodo News)

http://www.japantoday.com/e/?content=news&cat=4&id=80013

-- Martin Thompson (mthom1927@aol.com), September 20, 2001

Answers

Nimda virus cripples bank, hospitals, MPs

By Kirsty Needham

Computer systems at five Sydney hospitals have been crippled by the rapidly spreading Nimda virus, forcing hospital pathology labs to revert to manual emergency procedures.

The chief executive of the Royal Prince Alfred Hospital, Dr Diana Horvath, said staff across the entire Central Sydney Health Service had lost email and computer access. Billing was a problem but, of most concern, pathology labs were unable to print results.

The virus struck early on Wednesday, by-passing the hospitals' virus protection software and causing a massive surge in the network. While the RPA pathology lab was restored late yesterday, Rozelle, Balmain, Concord and Canterbury hospitals systems remain down.

"It is a real nuisance in a hospital because it slows you down. We have had to prioritise clinical and lab staff so no-one is endangered," Dr Horvath said.

She could not say how long it would take clean up the computer network. In the meantime, lab results are being hand-delivered to wards.

Nimda, or "admin" spelt backwards, emerged in the US on Tuesday and rapidly spread to more than 130,000 computers, before hitting Asia and Europe.

The Australian Computer Emergency Response Team said several hundred computers had been infected locally.

"This virus is propagating more quickly than previous viruses and it's not just an email virus," said AusCERT's threat assessment manager, Ms Kathryn Kerr. "You can get it via infected Web servers, email, and by simply browsing on the Internet and clicking on to an infected Web site."

AusCERT has warned Internet users that they should disable the Java Script on their computers to prevent this.

Parliament House in Canberra yesterday suspended all browsing on the Internet as a precaution against the virus.

Microsoft has denied reports that parts of its own Web site had become infected with Nimda and had passed on the virus to Internet users visiting the site.

National Australia Bank saw its automatic teller, Internet banking, phone banking and broking services disrupted by the virus on Tuesday.

Only computers running the Microsoft Windows 95, 98, ME or IIS operating systems are vulnerable to the virus.

http://www.smh.com.au/news/0109/21/biztech/biztech6.html

-- Martin Thompson (mthom1927@aol.com), September 20, 2001.