A new strain of a fast-spreading, complex computer worm called Nimda is posing a major security threat to servers and networks, says the Internet security organization, CERT.
The worm affects PCs and servers running Windows or Unix systems, CERT warns. Mac OS is reportedly not affected, but whether the Unix-based Mac OS X Server or Mac OS X is at risk has not yet been explained.
Virus experts say Nimda – admin spelled backwards – is a denial-of-service attack tool similar to Code Red. It is believed to spread in at least three ways: as an email virus, through sharing over networks, and via Web pages. Experts say corporations should take maximum precautions at this time.
Virus expert and McAfee senior vice president Arvind Navrain said: “We are advising people to show extreme caution. This is a cocktail of a worm plus a virus.” Nimda arrives as a README.exe executable file attached to the email. If a victim clicks on the file – which poses as an Audio Wave file – the Nimda worm installs itself on the victim’s machine. It can also install itself onto computers that visit Web pages held on infected host computers, reports claim.
Once Nimda installs itself, it begins scanning across intranets or the Internet on Port 80 to find servers against which to launch denial-of-service attacks. Experts currently suspect the worm of having emerged from China.
Once Nimda invades a Web server, it tries to alter Web pages by adding a particular piece of JavaScript. When a victim’s Web browser downloads the page, the added JavaScript presents a prompt asking the user to accept the page. If the user does, the cycle of infection continues. There is some concern that Nimda may not only rely on the prompt but may also infect directly through the Web browser.
Because this worm is so virulent, and the full extent of its attacks is not yet known, security experts are advising that multiple defences be put in place. They urge the use of anti-virus software, the filtering out of executable attachments, and even cutting off Internet access.
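As an added illustration of the “filter out executable attachments” advice (this is example code, not anything from the article, CERT or McAfee), the Python below scans a mail message for attachments that carry an executable extension or that start with a Windows PE header while being declared as something else, such as an audio file. The message it inspects is a constructed sample built inline; the extension list and the rule names are assumptions for the example.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions a mail gateway would commonly refuse outright (assumed list for the example).
EXEC_EXTENSIONS = {".exe", ".com", ".scr", ".pif", ".bat", ".vbs"}
PE_MAGIC = b"MZ"  # first two bytes of a Windows executable (DOS/PE header)


def attachment_findings(raw_message: bytes) -> list:
    """Return (filename, reason) pairs for attachments that should be filtered."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        lowered = name.lower()
        ext = lowered[lowered.rfind("."):] if "." in lowered else ""
        payload = part.get_payload(decode=True) or b""
        ctype = part.get_content_type()
        # Rule 1: the filename itself says it is executable.
        if ext in EXEC_EXTENSIONS:
            findings.append((name, f"executable extension {ext}"))
        # Rule 2: the bytes are a PE file but the declared type disguises it (e.g. audio/x-wav).
        if payload[:2] == PE_MAGIC and not ctype.startswith("application/"):
            findings.append((name, f"PE header but declared as {ctype}"))
    return findings


def should_quarantine(raw_message: bytes) -> bool:
    """True when any attachment trips a rule; a gateway would hold the message."""
    return bool(attachment_findings(raw_message))


def build_sample() -> bytes:
    """Constructed sample: an executable attached under an audio MIME type plus a benign text file."""
    m = EmailMessage()
    m["From"] = "sender@example.test"
    m["To"] = "user@example.test"
    m["Subject"] = "constructed sample"
    m.set_content("see attachment")
    fake_pe = b"MZ\x90\x00" + b"\x00" * 60  # constructed stand-in, not a real program
    m.add_attachment(fake_pe, maintype="audio", subtype="x-wav", filename="README.exe")
    m.add_attachment("meeting notes", subtype="plain", filename="notes.txt")
    return m.as_bytes()


if __name__ == "__main__":
    for filename, reason in attachment_findings(build_sample()):
        print(f"{filename}: {reason}")
```

Checking the content rather than trusting the declared MIME type is what catches an attachment that merely poses as an audio file.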