Worm continues its assault in Asia

The Nimda worm continues to breed across the Asia-Pacific region as more computer systems are infected on the second day of its pervasion into e-mails, servers, and browsers across the globe.

Computer Emergency Response Teams (CERTs) around Asia have seen an increased number of reports and many CERTs said this may not even come close to the actual number of infections.

"By noon today, we received about 60 calls and that does not include calls made to the anti-virus vendors or those who do not know that they are infected," said Roy Ko, center manager for Hong Kong's CERT coordination center. Having more calls reporting infections on the second day after a virus is first detected is a standard pattern that Asian CERTs face, he said.

When viruses hit the U.S. or Europe, it usually takes about 48 hours before similar effects are experienced in Asia, Ko said, adding that it usually takes that amount of time for a virus to propagate in Asia-Pacific.

Australia's CERT reported "a lot of activity," with the worm damaging hundreds of Web sites, said Kathryn Kerr, Threat Assessment manager at AusCERT. She declined to name the Web sites infected, but suggested that users disable the JavaScript on their browsers to reduce the risk of infection.

Since Nimda has the ability to maim systems with its three-pronged assault on e-mail, servers and browsers, having an updated anti-virus software might not be enough to exterminate it.

"Servers that are protected by anti-intrusion and anti-virus software could still be affected even though they are not infected," Ko said. The worm has such a heavy payload that it can flood bandwidth and cause denial of service even for protected sites, the only difference being that the worm cannot get into the "safe" system to infect it, he said. "But there will be persistent knocking on the door," he added.

Malaysia's emergency response unit has identified at least 100 unique ports that have been infected over the last two days, although authorities are quick to caution that this number does not reflect the real number of infected cases.

"We expect more damage than Code Red," said Malaysia CERT (MyCert) manager, Raja Azrina Raja Othman. The worm has also been found to infect local area networks with folder-sharing capabilities, especially among users without passwords, she said.

Raja Othman said MyCert is working in collaboration with other CERTs in the region to combat Nimda and to find out more about its behavioral patterns.

"We've observed a few different behaviors, like how it reacts with random and sequential IPs. It's not clear if it is simply acting out its random nature, or the difference (in behavior) is caused by a variant virus," she said.

According to Hong Kong CERT, another potentially damaging effect is the backdoor access Nimda opens up to third parties. "Anti-virus software can prevent the worm from infecting the system, but once the system is infected, you need to spend effort to clean and patch the system," Ko said, adding that the time and money spent to rid the virus counts towards the cost of damage caused.

Unfortunately, the measures taken to fight viruses are still very much reactive. "Until we set up proactive steps, it will be hard to protect ourselves from all viruses," Ko said, adding that anti-virus technology is not up-to-speed with the skills of virus writers.

While there are intelligent programs that can weed out certain virus patterns and detect them before an infection can take place, such programs are too large to run on ordinary commercial systems, he said.

In Singapore, only two cases were reported were reported on Thursday, compared to zero reports on Wednesday, a SingCert spokeswoman said, once again proving that the number is not indicative of those infected. "We will continue to monitor the situation closely," she said.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Stephanie Sim

Show Comments

Cool Tech

Crucial Ballistix Elite 32GB Kit (4 x 8GB) DDR4-3000 UDIMM

Learn more >

Gadgets & Things

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Family Friendly

Lexar® JumpDrive® S57 USB 3.0 flash drive 

Learn more >

Stocking Stuffer

Plox Star Wars Death Star Levitating Bluetooth Speaker

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest News Articles


GGG Evaluation Team

Kathy Cassidy


First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni


For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell


The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi


The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott


My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?