A Worm Named Nimda

Nimda worm virus AP

Nimda, the latest computer worm, has taken its show on the road.

The virus-like program has been shutting down Internet sites in Norway, Japan and other nations. Meanwhile, in the U.S., the Nimda worm is starting to abate.

The Nimda computer virus spread at dizzying speed through parts of Asia for a second day on Thursday. But experts said the worldwide outbreak may be close to peaking for the powerful server machines that drive the Web.

Computer security experts have described Nimda, the origin of which is not yet known, as the fastest-spreading computer virus ever.

To outwit the worm, computer users must update their anti-virus software. As usual, they also ought to be wary of launching e-mail attachments.

The Nimda virus does not hurt computer hardware, but clogs Internet traffic and e-mail access with junk, slowing them considerably.

Unlike a worm, which is a virus spread through e-mail attachments, the Nimda virus can be caught just by surfing the Internet. If Internet users stop at a Web site that's been infected, their personal files can be infiltrated by the virus.

Nimda, which is "Admin" spelled backward, targets Windows-based servers and computers. It has caused Web sites across the world to shut down.

Nimda appears to combine the worst characteristics of this summer's Code Red Virus and those of "I Love You," "Melissa" and other e-mail viruses that have plagued PC users for the past couple of years, reports CBS News Computer Consultant Larry Magid.

Experts implored computer users to update their anti-virus software and visit Microsoft's Web site to download protective software before reading their e-mail or visiting other Web sites.

Several researchers noted that the first reports of the worm came almost exactly a week after the twin terrorist attacks in Washington and New York. But Attorney General John Ashcroft has said there is no evidence linking the worm to last week's attacks.

Web search engine company Yahoo was one of the firms infected by the Nimda, company spokesman Kevin Timmons confirmed. The company's nonpublic corporate network has been infected, but the public Web site is not.

Every major anti-virus company has updated software that can detect and remove Nimda.

Microsoft has provided several different updates for both Web servers and home computers on its Web site.

The only clues to Nimda's origin are the words "Copyright 2001 R.P.China," which indicates a possible — but far from definite — link to China. Also, the words "Concept virus," appear.

Alan Paller, director of research at the Sans Institute, a computer security think tank, said Nimda is far more efficient and powerful than the "Code Red" worm, which hit in July and August.

"Each time we turn over a rock, there's another...way it weaves itself in," Paller said. "This one's going to be with us a long time."


©MMI CBS Worldwide Inc. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed. Reuters Limited contributed to this report
  • CBSNews.com staff CBSNews.com staff

Comments