Posted on: Wednesday, September 19, 2001
'Nimda' Internet worm hits Hawai'i
Advertiser Staff and Wire Services
The "Nimda" worm, the latest scourge of the Internet, invaded Hawai'i yesterday, causing a network slowdown at the University of Hawai'i and putting computer system administrators on alert.
The university said on its Web site that e-mail and Internet service would be "intermittent" yesterday as it coped with the worm, which has affected thousands of computer networks nationwide.
The worm, a self-replicating piece of computer code that attempts to work its way into unprotected servers, is considered a greater potential threat than the "Code Red" worm that spread around the world this summer.
The malicious software program, known as W32-Nimda, is complex and designed to spread to computer users who open infected e-mail or visit an infected Web site. The program has generated more traffic on the Web, slowing down many users.
Security experts said it had already infected tens of thousands of computers, including those at several large companies.
UH is one of the first large users in Hawai'i to report infection by Nimda. Others are vulnerable, however. Oceanic Communications, owner of Internet service provider Roadrunner, has received no customer complaints about the worm, but the virus has been detected on several local networks, Oceanic spokesman Kit Beuret said.
The state government's computer network had not been compromised as of yesterday afternoon, but some state systems were reporting higher-than-usual "firewall" activity, said Mary Alice Evans, deputy comptroller of the Department of Accounting and General Services. Firewalls are systems that reject unwanted intruders such as viruses, worms and hackers.
Like Code Red, Nimda scans the Internet for unprotected servers that use certain versions of Microsoft networking software. If Nimda breaches a computer's defenses, it can slow down the system by generating enormous network traffic.
"There is so much traffic (caused by the worm) that it . . . makes you think the Internet is down," said Alan Paller, director of research at the SANS Institute, a computer security think tank.
The Internet as a whole is functioning normally with no widespread slowdowns, according to Internet monitoring firm Keynote Systems.
But Nimda has several other noxious attributes. Once one computer on a company network is infected, the worm can also travel across the network to attack others. Together, this means an entire corporate network can be infected if even a single worker visits an infected Web site.
It can cause computers to open up their hard drives as if they were servers, leaving the system vulnerable to further attacks.
Finally, it can send itself through an e-mail attachment, much like the "I Love You" and Anna Kournikova e-mail viruses. The sender address is faked, and may be a well-known address. Researchers said they weren't sure how the address is generated. The attachment may be named "README.EXE."
The threat is easily countered with a Microsoft patch available on the Internet.