Nimda worm wriggles throughout Asia

Most of Asia has been put on worm alert as W32.Nimda, a mass-mailing worm, greeted users Wednesday morning by infecting their address books, computers and servers.

Nimda, which tops the high-risk list of anti-virus vendors' Web sites, is believed to be more widespread and costly than the Code Red viruses that caused an estimated US$2.6 billion in recovery costs, according to Network Associates Inc. (NAI), parent of anti-virus vendor, McAfee.

"We've received seven times the call volume in the Asia-Pacific region today, compared to any regular day," said Ric Byrnes, director of support and services for NAI Asia-Pacific.

Traffic on NAI's own Web site was so heavy that it had to put out an apology for slow page display.

The worm does not discriminate between users and has affected both enterprise and home computers, Byrnes said. The "cocktail virus" the worm contains can spread via e-mail, and has the potential to generate so much Internet traffic that it slows down networks, he said.

Once Nimda infects a machine, it attempts to reproduce itself in three ways. It has its own e-mail engine and will try to send itself out using addresses stored in e-mail programs. It also scans unpatched Internet Information Servers (IIS) looking for vulnerability and then attacks those servers. Finally, it searches for shared disk drives and tries to reach those devices, an NAI statement said.

However, a patch to the vulnerability that it exploits in Microsoft IIS has been available since the Code Red worm outbreak, and those who updated their anti-virus software would have been protected.

Ironically, Microsoft Co. Ltd. in Japan said MSN Japan servers were infected at 11pm Tuesday night for about an hour. The company warned that anyone who browsed the pages at that time might be infected.

The hour immediately after 11pm is the busiest time on Japan's Internet because NTT DoCoMo Inc.'s night-time rate telephone charges and flat-rate Internet access services start from 11pm.

Microsoft could not be reached for comment.

Also, Kyodo News Service said in a report that its servers were infected and also said those of the Chunichi Shimbun (newspaper) in Central Japan, Waseda University in Tokyo and Yamanashi Gakuin University were infected.

According to David Banes, regional manager for Symantec Corp.'s Emergency Response Team in Asia, there were Nimda reports from New Zealand, Australia, and Hong Kong.

Worms have become a trend in recent months. Just as there were macro viruses that attacked Microsoft Word documents and Microsoft Excel spreadsheets a few years ago, and Flash viruses, such as NakedWife.exe, worms are the "trend of the day," NAI's Byrnes said. "The danger is that (Nimda) has the ability to work through the Internet and intranets, as opposed to just e-mail," he said.

While some Internet security experts had warned of the potential for increased virus activity after last week's attacks on the World Trade Center and the Pentagon, there is no evidence that links Nimda to the U.S. attacks, anti-virus vendors said.

NAI said that customers should adopt a multilayered anti-virus strategy, to protect both e-mail as well as their Internet gateway points.

The impact of the Nimda worm in Asia-Pacific is still unknown, especially since virus writers could still pull apart the existing worm and create variants, Byrnes said.

"How quickly Nimda spreads is dependent on how many users have been exposed and how many have patched their systems," Symantec's Banes said. "As more people become aware and update their anti-virus software, you would hope the spread will slow down."

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Stephanie Sim

Show Comments

Most Popular Reviews

Latest News Articles


PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?