Europe braces for Nimda onslaught

The fast-spreading worm known as Nimda is making its way across Europe, according to network administrators and security consultants on the continent.

"Thousands of companies, small and large and in all industries, have been hit," said Marius van Oers, a virus research engineer at Network Associates Inc. in Amsterdam. "The Internet is slowing down because of the virus scanning for vulnerable systems using port 80, the port used for Web traffic. E-commerce companies are victimized because of the slowdown of the Internet."

"We've had about 800 complaints in Europe, 15 percent of them from corporate customers," said Andrea Wolf, public relations manager Central Europe for security company Symantec Corp. Each complaint refers to a single network, which could encompass anywhere from a handful to many thousands of computers, she added. She declined to name any of the affected companies, citing privacy concerns.

"It's entirely comparable with Code Red," a malicious worm affecting Windows NT and Windows 2000 operating systems, that was first reported in July, Wolf said.

The malicious code, which can spread via e-mail attachments, HTTP (Hypertext Transfer Protocol) or across shared hard disks inside networks, can infect all 32-bit Windows systems, including Windows 98, 2000, Millennium Edition, XP, and NT. [See "Major new worm poses serious threat," Sept. 18.]Nimda is spreading more quickly than Code Red, but appears to be causing less damage, said virus consultant Andreas Marx of GEGA IT-Solutions GbR in Magdeburg, Germany.

"I know a few people who have been affected by it, mostly smaller firms. They've reacted by cutting off their e-mail servers," he said.

Larger companies in Germany, including Deutsche Bank AG, Deutsche Telekom AG, Lufthansa AG, and Siemens AG, all said they had not been substantially affected by the attacks.

Siemens temporarily took its e-mail and Web servers down while virus-protection software was updated, a spokesman said.

"We've put a multilevel packet of measures into place, a carefully maintained firewall, and our PCs have regularly updated virus-protection software," said a Deutsche Telekom spokesman. "We're hopeful we can prevent any damage."

But Van Oers said the viciousness of Nimda had taken the experts by surprise.

"We think the spreading started in Europe, where the first sample was received in Germany on Tuesday at about 2 p.m. local time. At the time we didn't think this one would get far. We were wrong."

Another observer added that the frequency of virus attacks is on the rise.

"One interesting statistic is that the current virus-to-e-mail ratios are running at one virus in every 300 e-mails, which is up from one in 700 in October last year," said Helen Desmond, a U.K. spokeswoman for e-mail security services company MessageLabs Ltd.

If current trends continue, MessageLabs estimates that by 2007 to 2008, one in 10 e-mail messages will be infected by a virus and by 2013 that number could grow to as large as one in two, Desmond said. Furthermore, those numbers don't even take into account peak rates when new a worm like Nimda is released which can make matters far worse, she said.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about Deutsche BankDeutsche BankDeutsche TelekomLufthansaMessageLabsSiemensSymantec

Show Comments