Nimda a wake-up call to enterprises

It's been dubbed the next wave of Internet attack, but Nimda is not innovative, just plain vicious and Microsoft's poor software writing is to blame, says a security expert.

The latest threat to Internet security is the first time that four existing and known vectors of attack have been rolled into one.

Nimda is a compound worm that works with a combination of network-based and browser-based attacks. It can be spread via e-mail, open network shares, from a Web server via browsing of compromised Web sites. The worm targets Web servers running Microsoft's Internet Information Server (IIS) by scanning the Internet for IIS servers that may have been compromised already by Code Red and other viruses and by exploiting a previously known vulnerability in IIS known as Unicode Directory Traversal.

But Simon Hackett, managing director for Internode, said if a company had been proactive and vigilant in downloading patches, Nimda wouldn't have affected them at all.

"Nimda is a wake-up call to enterprises, which puts a positive spin on the destructiveness of worms and viruses, because it's forcing people to fix their computers," Hackett said.

The patches to protect systems from all these vectors of attacks used by other worms have been available for months, according to Hackett.

But Nimda took advantage of those that hadn't wholisitically maintained their systems.

"Nimda is the start of a new threat to Internet security, but it could also be the end to it, because it's so virulent, people jumped on to it quickly," Hackett said.

In fact it was the massive increase in network scanning for vulnerable IIS servers that alerted network administrators to the worm.

"It's vicious, but there is no innovation," Hackett said.

Hackett said it raises the question of whether Microsoft is responsible in educating its users to be proactive in acquiring patches, or if it's the customers job to actively keep its patches up to date on a weekly, if not daily basis.

"It's true that Microsoft put out the patch for Nimda after the fact, but if you already had decent protection, it wouldn't have hit you at all," said Hackett.

Join the newsletter!

Error: Please check your email address.

More about InternodeMicrosoftUnicode

Show Comments

Market Place