Home & Office

Nimda worm causes Internet slowdown

Antivirus experts say the Nimda worm noticeably affected the speed of page delivery on Tuesday evening, but the worst is probably over
Written by Wendy McAuliffe, Contributor

A new Internet virus, which has been recognised as a hybrid of the Code Red worm, is expected to have a much greater impact on Internet traffic than its predecessor, according to antivirus experts.

Nimda uses multiple methods to attack servers and PCs using Windows software. It combines elements of the Web-based Code Red virus, which targetted servers using Microsoft's Internet Information Server (IIS) software, with a mass-mailing component enabling the virus to propagate on a massive scale. It can also spread across open network shares or across shared drives that allow connections via the username guest without the need for a password.

"It is generating a lot of Internet traffic, and a lot of Web sites have been receiving a lot of bogus requests," said Graham Cluley, senior technology consultant at antivirus firm Sophos. "Web surfers will definitely be seeing a slow-down."

Analysis of the worm's activity by Matrix.org reveals that at 18:00 GMT yesterday, the reachability of Web pages dipped late on Tuesday to 91.3 percent -- a 2 percent drop from the average length of time that it has been taking to load Internet pages in the last 24 hours. Some antivirus experts believe this suggets that the worst of Nimda'a effects may be over. "From a worm-tracking standard, Nimda appears to have peaked already," said David Perry, global director of education at Trend Micro.

Home computers are most at risk from the Nimda virus, as most corporate systems running IIS software will already have been patched against the Code Red exploit. "Nimda is vastly more complex than Code Red as it is able to affect end users' PCs," said Perry.

Nimda arrives as an attachment entitled "Readme.exe", which is programmed to exploit a MIME vulnerability in some versions of Microsoft Outlook, Microsoft Outlook Express and Internet Explorer. The email automatically archives the attachment, enabling the executable file to run without the end user having to double-click on the attachment.

Trend Micro reports that in the last 24 hours, 24,000 infected computers have been identified out of the 60,000 that have visited antivirus.com for scanning.

See the Viruses and Hacking News Section for the latest headlines.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read other letters.

Editorial standards