Worm returns to attack servers

By PETER GRIFFIN

Businesses were yesterday scrambling to shield themselves from Nimda, the latest incarnation of the Code Red computer virus that exploded across the internet in July.

Among the companies hit locally was market researcher ACNielsen, whose staff started receiving Nimda via e-mail yesterday morning.

The company's IT manager Steve Hinton said a team of security experts had been called in to clear the servers of the virus.

"We downed our mail and web servers so that we would stop the infection spreading. We didn't want to be guilty of infecting clients that were receiving mail from us or browsing our sites," he added.

About 15 servers at Canterbury University were infected by Nimda (admin spelled backwards), but apart from voice mail, critical systems were unaffected.

Worldwide, security experts were marvelling at the worm's versatility. Able to spread via e-mail and through websites, the worm once again played on vulnerabilities in Microsoft's web server software IIS (Internet Information Server). Equipped with its own built-in e-mail engine, the worm attempted to replicate itself by e-mailing itself to addresses stored in e-mail programs.

Worldwide, around 130,000 web servers were believed to have been infected by noon yesterday.

Though it was feared the worm's replication pattern could slow the internet, service providers were reporting normal traffic levels and speed.

"We've seen very little evidence of it," said Xtra spokesman Matt Bostwick.