New 'Nimda' Worm Running Rampant Via Outlook and IIS Servers
If you’re reading this, it’s because my ISP’s server is back online after being attacked by the new 'Nimda' worm. What’s tough is that it attacks both PCs and servers, so it’s really run rampant today.
Some colleagues and I have wondered if there’s any correlation between this virus and terrorism activities. Far fetched? Well, even reporters have asked the FBI, who won’t comment. We can’t blame everything that happens on terrorist activities, but I do think we need to keep our eyes open and stay aware.
Don’t assume your virus protection is current. Check it regularly. Many programs will remind you or even automatically update them (but don’t assume that they do it all the time, either!). Also remember NOT to open every attachment that happen to come into your email, even from a friend or colleague. Make sure it’s really a legitimate attachment and that your virus software is totally current when you open it.
This particular virus also causes a popup message at a Web site residing on an infected server asking you to download a Readme.exe file. Don’t do it! Don’t assume that you need to download something like this.
From the Associated Press article, FBI Investigating New Internet Worm,
" 'It’s causing enormous pain because it is at least an order of magnitude more aggressive than Code Red,' said Alan Paller, director of research at the nonprofit Sans Institute. 'It’s a pretty vigorous attacker.' "
Here’s some of the latest information about it as of this moment:
[09/18/01 12:38:50 PM PDT, Symantec]
FBI Investigating New Internet Worm
[09/18/01 12:38 PM EDT, By D. Ian Hopper, Associated Press]
Lethal worm spells double trouble
[09/18/01 02:15 PM EDT, By Robert Lemos, ZDNet News]
New Computer Worm Hits Both Servers and PCs
[09/18/01 updated 8:22 PM EDT, Reuters]