FBI investigating new Internet worm, thousands of computers targeted

By D. Ian Hopper

Associated Press

WASHINGTON – Attorney General John Ashcroft Tuesday warned computer users about a new Internet threat that could slow the global network worse than the “Code Red” worm that struck earlier this summer.

Ashcroft said the FBI and private firms are assessing the effects of the program, known as “W32-Nimda,” which has affected possibly tens of thousands of computers. As the program spreads, its activity can slow or shut down Internet service for regular users.

“The scanning activity thus far indicates that this could be heavier than the July activity of Code Red,” Ashcroft said.

But Ashcroft dismissed the idea that Nimda is related to the attacks in New York and Washington.

“There is no evidence at this time which links this infection with the terrorist attack of last week,” he said.

Code Red mobilized law enforcement agencies and private companies in an unprecedented effort, as the Internet worm infected hundreds of thousands of computers and threatened a meltdown of the Internet. They implored computer users to install protective software.

All major antivirus companies now offer software to protect against Nimda.

On security e-mail lists, system administrators nationwide reported unprecedented activity related to the worm, which tries to break into Microsoft’s Internet Information Services software. That software was the same targeted by Code Red, and is typically found on computers running Microsoft Windows NT or 2000.

Most home users, including those running Windows 95, 98 or ME, are not affected.

Ken Van Wyk, chief technology officer at ParaProtect, said the worm tries to wriggle in through 16 known vulnerabilities in Microsoft’s IIS, including the security hole left in some computers by the “Code Red II” worm, which followed Code Red in August.

Code Red, by comparison, attacked through only one hole, which could be patched by downloading a program from Microsoft’s Web site.

“It’s causing enormous pain because it is at least an order of magnitude more aggressive than Code Red,” said Alan Paller, director of research at the nonprofit SANS Institute. “It’s a pretty vigorous attacker.”

In addition to direct Internet attacks, the worm can also travel via e-mail. The e-mail message is typically blank, and contains an attachment called “README.EXE.” Antivirus experts warn that users shouldn’t open unexpected attachments.

Efforts to isolate and track the worm were hampered by the swiftness of the attack. Vincent Gullotto, head antivirus researcher for McAfee.com, said the first report came at about 9 a.m. EDT, from a site in Norway.

“It’s taken down entire sites,” Gullotto said. “I can’t even get to the Internet right now.”

On Monday, the FBI’s National Infrastructure Protection Center warned that a hacker group called the “Dispatchers” said they would attack “communications and finance infrastructures” on or about Tuesday.

“There is the opportunity for significant collateral damage to any computer network and telecommunications infrastructure that does not have current countermeasures in place,” officials said in a warning on the NIPC Web site.

However, the Dispatchers group has recently defaced Middle Eastern Web sites in an apparent retaliation for last week’s attacks – a job that is far easier than creating a powerful Internet worm.

Antivirus firm F-Secure discovered that the message “Copyright 2001 R.P.China” is present in the worm, indicating a possible – but far from definite – link to China.

Last week, the FBI warned that there could be an increase in hacking incidents after the terrorist attacks. They advised computer users to update their antivirus software, get all possible security updates for their other software, and be extra careful online.

On the Net:

McAfee.com: http://www.mcafee.com

SANS: http://www.sans.org

National Infrastructure Protection Center: http://www.nipc.gov

Copyright ©2001 Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

Talk to us

> Give us your news tips.

> Send us a letter to the editor.

> More Herald contact information.

More in Local News

Firefighters respond to a 911 call on July 16, 2024, in Mill Creek. Firefighters from South County Fire, Tulalip Bay Fire Department and Camano Island Fire and Rescue left Wednesday to help fight the LA fires. (Photo provided by South County Fire)
Help is on the way: Snohomish County firefighters en route to LA fires

The Los Angeles wildfires have caused at least 180,000 evacuations. The crews expect to arrive Friday.

x
Edmonds police shooting investigation includes possibility of gang violence

The 18-year-old victim remains in critical condition as of Friday morning.

The Everett Wastewater Treatment Plant along the Snohomish River. Thursday, June 16, 2022 in Everett. (Olivia Vanni / The Herald)
Everett council approves water, sewer rate increases

The 43% rise in combined water and sewer rates will pay for large infrastructure projects.

Robin Cain with 50 of her marathon medals hanging on a display board she made with her father on Thursday, Jan. 2, 2025 in Lake Stevens, Washington. (Olivia Vanni / The Herald)
Running a marathon is hard. She ran one in every state.

Robin Cain, of Lake Stevens, is one of only a few thousand people to ever achieve the feat.

People line up to grab food at the Everett Recovery Cafe on Wednesday, Dec. 4, 2024 in Everett, Washington. (Olivia Vanni / The Herald)
Coffee, meals and compassion are free at the Everett Recovery Cafe

The free, membership-based day center offers free coffee and meals and more importantly, camaraderie and recovery support.

Washington Gov. Jay Inslee proposed his final state budget on Tuesday. It calls for a new wealth tax, an increase in business taxes, along with some programs and a closure of a women’s prison. The plan will be a starting point for state lawmakers in the 2025 legislative session. (Jerry Cornfield / Washington State Standard)
Inslee proposes taxing the wealthy and businesses to close budget gap

His final spending plan calls for raising about $13 billion over four years from additional taxes. Republicans decry the approach.

Devani Padron, left, Daisy Ramos perform during dance class at Mari's Place Monday afternoon in Everett on July 13, 2016. (Kevin Clark / The Herald)
Mari’s Place helps children build confidence and design a better future

The Everett-based nonprofit offers free and low-cost classes in art, music, theater and dance for children ages 5 to 14.

The Everett Wastewater Treatment Plant along the Snohomish River on Thursday, June 16, 2022 in Everett, Washington. (Olivia Vanni / The Herald)
Everett water, sewer rates could jump 43% by 2028

The rate hikes would pay for improvements to the city’s sewer infrastructure.

Everett
Police believe Ebey Island murder suspect fled to Arizona

In April, prosecutors allege, Lucas Cartwright hit Clayton Perry with his car, killing him on the island near Everett.

The bond funded new track and field at Northshore Middle School on Thursday, Oct. 24, 2024 in Bothell, Washington. (Courtesy of Northshore School District)
Northshore School District bond improvements underway

The $425 million bond is funding new track and field complexes, playgrounds and phase one of two school replacements.

Edmonds Police Chief Michelle Bennett outside of the Police Department on Wednesday, Dec. 11, 2024 in Edmonds, Washington. (Olivia Vanni / The Herald)
Edmonds mayor names acting chief during search for permanent replacement

Assistant Chief Rod Sniffen will assume the temporary role March 1.

A ferry boat navigates through fog off of Mukilteo Beach on Tuesday, Jan. 14, 2025 in Mukilteo, Washington. (Olivia Vanni / The Herald)
Snohomish County to see cold, foggy weather into next week

The good news? Except for Thursday, the National Weather Service expects little rain this week.

Support local journalism

If you value local news, make a gift now to support the trusted journalism you get in The Daily Herald. Donations processed in this system are not tax deductible.