Quantcast

Nimda Poised to Reappear, Say Researchers

Worm set to again propogate via e-mail, starting Friday morning.

Deborah Radcliff, Computerworld

  • 0 Yes
  • 0 No

Researchers have discovered a third vector to the Nimda worm, which is set to propagate again through e-mail at 1:00 a.m. Eastern time Friday.

"We rechecked the code base to Nimda, and we found a code set that is supposed to respread Nimda through e-mail systems starting ten days after machines were first infected," said Oliver Friedrichs, director of engineering at the Attack Registry and Intelligence Service. That service is sponsored by SecurityFocus, a business security firm in San Mateo, California.

Ten days after first infecting machines, the worm will attempt to respread itself through readme.exe attachments, with the same payload as its original mail-based infection.

The impact could be significant or minute, depending on how well the IT community has cleaned systems and patched Microsoft Internet Information Server and Outlook programs. The 10-day vector will likely be less severe than Nimda was the first time because more systems have been patched against the vulnerabilities, Friedrichs said.

But because Nimda has spread itself to so many places on computers, networked systems may not have been cleaned enough to prevent widespread mailings of the virus. Therefore, Friedrichs advised IT managers to do the following:

  • Double-check their patches.

  • Make sure their antivirus software blocks Nimda.

  • Block executables files at the e-mail gateway.

  • Alert users not to preview or open any attachments that say readme.exe.

Computerworld
For more enterprise computing news, visit Computerworld. Story copyright © 2007 Computerworld Inc. All rights reserved.

  • Recommend this story?
  • 0 Yes
    0 No

Print 65% more pages than with refilled inks. Trust Original HP Inks. Hit Print Reliably.

Featured APC Accessories For Your System
10% Off Entire Cart at Online Store

  • APC Back-UPS ES Safeguards your equipment from damaging surges and spikes that travel along your utility & data lines.
  • APC SurgeArrest Performance Highest level of protection for your professional computers, electronics and connected devices, as well as provides surge protection.

People who read this also read:

  • HP Ink Center Bring improved color and brilliance to your printed material. Visit the Resource Center for more info...
  • Lenovo Laptop Showcase Find out how Lenovo IdeaPads and Thinkpads balance performance and portability. Visit the Lenovo Resource Center for more info...

PC World's Marketplace