ISLANDIA, N.Y., Sept. 18 /PRNewswire/ — Computer Associates International, Inc. (CA) today classified Nimda (also known as Win32/Nimda.A.Worm), which is similar to the CodeRed worm, as a high-risk threat. Nimda uses a number of methods to propagate and infect computer systems: exploiting a vulnerability in Microsoft’s Internet Information Server (IIS) web server software, sending itself through email, and copying itself via open network shares. The worm can render an infected computer system open to remote access and overwrites a number of computer files.
According to analysis by CA’s eTrust global antivirus researchers, Nimda propagates by searching for email addresses in an infected computer user’s Microsoft Outlook and Outlook Express messages. Next, by using a built-in email engine, Nimda sends itself as an attachment with random subject lines and no message body text. The attachment, named README.EXE, masquerades as an innocuous audio file.
The worm also searches for Microsoft IIS servers vulnerable to the Unicode Web Traversal exploit. Upon discovering such a server, the worm installs and launches a copy of itself and begins modifying web-content files with .HTM, .HTML, and .ASP extensions. The altered web pages are capable of delivering a copy of the worm to visitors of the infected IIS server.
Nimda also searches for the existence of open network shares, enabling it to copy and execute itself on remote computer systems.
“What we see with Nimda are several pages from old play books being combined in a way we have not seen before, with the added capability of affecting web servers, business and home computer users,” said Ian Hameroff, business manager, security solutions, CA. “Based on the characteristics of Nimda, this may be a proof of concept threat to test the Internet waters. Preventing future outbreaks of similar threats can only be accomplished through the vigilant practice of patch application, risk and policy assessment, and a fortified defense of internet security solutions.”
CA’s eTrust global antivirus researchers will release a new signature for its award-winning antivirus solutions — eTrust InoculateIT, eTrust Antivirus and eTrust EZ Antivirus. Additional information is available at http://ca.com/virusinfo.
About Computer Associates
Computer Associates International, Inc. (NYSE: CA) delivers The Software That Manages eBusiness. CA’s world-class solutions address all aspects of eBusiness process management, information management, and infrastructure management in six focus areas: enterprise management, security, storage, eBusiness transformation and integration, portal and knowledge management, and predictive analysis and visualization. Founded in 1976, CA serves organizations in more than 100 countries, including 99 percent of the Fortune 500 companies. For more information, please visit http://ca.com.
All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.