Nimda uses multiple methods to attack servers and PCs using Windows software. It combines elements of the Web-based Code Red virus, which targetted servers using Microsoft's Internet Information Server (IIS) software, with a mass-mailing component enabling the virus to propagate on a massive scale. It can also spread across open network shares or across shared drives that allow connections via the username guest without the need for a password.
"It is generating a lot of Internet traffic, and a lot of Web sites have been receiving a lot of bogus requests," said Graham Cluley, senior technology consultant at antivirus firm Sophos. "Web surfers will definitely be seeing a slow-down."
Analysis of the worm's activity by Matrix.org reveals that at 18:00 GMT yesterday, the reachability of Web pages dipped late on Tuesday to 91.3 percent--a 2 percent drop from the average length of time that it has been taking to load Internet pages in the last 24 hours. Some antivirus experts believe this suggests that the worst of Nimda's effects may be over. "From a worm-tracking standard, Nimda appears to have peaked already," said David Perry, global director of education at Trend Micro.
Home computers are most at risk from the Nimda virus, as most corporate systems running IIS software will already have been patched against the Code Red exploit. "Nimda is vastly more complex than Code Red as it is able to affect end users' PCs," said Perry.
Nimda arrives as an attachment entitled "Readme.exe", which is programmed to exploit a MIME vulnerability in some versions of Microsoft Outlook, Microsoft Outlook Express and Internet Explorer. The email automatically archives the attachment, enabling the executable file to run without the end user having to double-click on the attachment.
Trend Micro reports that in the last 24 hours, 24,000 infected computers have been identified out of the 60,000 that have visited antivirus.com for scanning.
Play video
There are currently no comments for this post.