The Washington Times - Tuesday, September 25, 2001

Companies and groups from around the world are back on track this week after a ruthless attack from a fast-spreading computer worm.
The "Nimda" worm began spreading early last Tuesday, and by nightfall many groups found themselves without e-mail, Internet access and many other computer services.
"By Wednesday, our whole system was down," said Mark Cooper, executive director of Lutheran Social Services of the Capital Area.
Mr. Cooper said the work stations of about 50 employees were infected after one worker opened an e-mail attachment with a README.EXE extension. When asked to put a dollar figure on the productivity lost, Mr. Cooper placed it in the $20,000 to $50,000 range.
Large companies were especially susceptible to the worm's attack, security professionals said. Because of the worm's ability to spread through local area networks, any group with more than 1,000 workstations likely felt some sort of effect.
"I think pretty much any company in the world got hit," said Roger Thompson, director of MalWare research for TruSecure, a Herndon computer security firm. "Everybody who got it was pretty badly affected. It was a massive problem for them."
Yahoo Corp., Microsoft Corp. and General Electric Corp. were all affected. Overseas, it was reported that 15,000 companies were affected in Europe.
The Norwegian Sports Federation was knocked offline for a day, and several Japanese companies suspended Internet transactions for a period.
Nimda, the common computer abbreviation "admin" spelled backwards, gains destructive force from the complex and multifaceted way in which it spreads. The worm exploits several vulnerabilities in software associated with Microsoft servers. In that regard, it is very similar to the Code Red Worm that spread in July. But Nimda, like a virus, also spreads via e-mail and can be downloaded automatically off infected Web sites. Its excessive scanning can flood servers with information and cause them to crash, and can damage many computer files.
Most security firms said they had clients that were infected by Nimda, though they declined to name companies. Many were hit with thousands of dollars in damages, said Shimon Gruper, executive vice president of Internet security technology for Aladdin Knowledge Systems, an Israel-based security firm with operations in the United States.
Referring to one company with multimillion-dollar global operations, Mr. Gruper said, "every single desktop in the company was infected. Its web server was infected. It effectively shut down the company for an entire day."
The worm has slowed since last week after thousands of people downloaded the necessary security patches from Microsoft. The patches do not, however, stop the worm from spreading via e-mail or Web sites and cannot rid a computer of the worm once it's infected.
"If it's in a Web server it's probably virtually impossible to clean everything out," Mr. Gruper said.
Security professionals are still investigating the worm's origin, which Mr. Gruper said was likely somewhere in the United States.
Its author is currently unknown; the FBI said there was no connection between the worm and the Sept. 11 terrorist attacks, although some security professionals believe otherwise, noting that it first appeared at about 8:50 a.m. on Sept. 18, precisely one week after the attacks.

Copyright © 2020 The Washington Times, LLC.