Friday September 21, 2001 |
United Messaging: 'Nimda' Virus May Signal Cyber-WarUnited Messaging, Inc., the leading enterprise messaging solutions provider, today said the rapidly spreading Nimda virus shows the signs of being another salvo in a so-called "cyber war" designed to impact our technical infrastructure. Some security experts say initial indications are that Nimda was written by the same sources as the recent "Code Red" worm that caused $2.6 billion in damage. A number of reports say that both Code Red and Nimda originated in China, using much of the same code and even referencing China. United Messaging technicians said Nimda appears significantly more virulent and pervasive than other recent viruses. United Messaging first tracked Nimda (technically, W32.Nimda.A@mm) at 9:15 AM Tuesday, September 18, 2001. While U.S. Attorney General John Ashcroft said Tuesday that there was no sign of a link to those events, some security experts say it appears the virus was launched to coincide, almost to the minute, with the one-week anniversary of the September 11 attacks on the World Trade Center and the Pentagon. In the first 24 hours of the virus' existence, United Messaging detected significantly more instances of Nimda than it experienced with the Code Red virus. Nimda has proved to be more versatile, with an ability to modify Web sites to carry files that can spread via downloads. No United Messaging clients were infected due to the company's patent-pending Message Control(R) firewall and virus protection service. Reports and security analysts say the multiple ways in which the Nimda worm is able to propagate makes it that much harder to defend against than other worms and viruses. The virus can infect both user workstations and servers. Unlike many of the past viruses, Nimda propagates through web browsing just as much as or more than through e-mail. "It appears this is the latest and most vicious in an orchestrated series of attacks, likely by state-tolerated if not state-supported hackers," said Ben Trowbridge, CEO and Chairman at United Messaging. "Our data and sources indicate that the recent Code Red worm was a kind of `virtual reconnaissance mission' to gauge corporate America's reaction to an attack. Nimda may be part of a series of reconnaissance missions, each becoming more forceful and designed to determine our infrastructure's weak points. Because our nation lacks a comprehensive defense against massive cyber attacks, results of such an assault could be devastating." "Cyber war is not something out of a Tom Clancy novel," said Gregory Wallick, Cyber Security Analyst for United Messaging. "Our nation's incredible dependence upon our IT infrastructure has opened a window of vulnerability and made us a target. It's not just the billions of dollars that are at stake. It's our critical ability to communicate electronically." When Nimda ("Admin" spelled backwards) arrives via e-mail, it appears with random text in the subject line, no body text, and an attached file called readme.exe. If the user opens the attached file, Nimda accesses the user's e-mail address book and sends copies of itself to all the addresses. Unlike
Code Red, the worm can also infiltrate a corporate
network and create a user account with unlimited access
to files and e-mail. It can even send e-mails in
someone's name. Its
unique combination of managed and professional services
increase messaging performance, reliability, scalability,
and security while reducing operational expense. |
Tous droits réservés -
All rights reserved. |