BBC NEWS Americas Africa Europe Middle East South Asia Asia Pacific Arabic Spanish Russian Chinese Welsh

 You are in: Sci/Tech
Front Page 
UK Politics 
Talking Point 
In Depth 

Commonwealth Games 2002

BBC Sport

BBC Weather

Wednesday, 19 September, 2001, 16:22 GMT 17:22 UK
Nimda virus loose online
Graphic BBC
The new virus is more powerful than Code Red
A Windows worm that tries almost every trick in the book to infect computers is steadily spreading across the net.

The malicious program, named Nimda, attacks both personal computers and network servers. The virus can even be contracted just by browsing webpages generated by infected servers.

It spreads by plundering address books to generate lists of recipients it can send itself to, looks for common loopholes in some versions of Windows web server software and uses hijacked machines to search for more targets.

Although the worm is spreading quickly, experts said it was unlikely to cause widespread disruption - but they warned people to be on their guard.

Infection invitation

"The reason it's become so widespread is because it not only travels via e-mail but it contaminates websites as well," said Graham Cluley, senior technical consultant for Sophos Antivirus.

Once it has infected a web server, the Nimda worm scans the net for machines that have not installed patches for well-known vulnerabilities. It looks for the loophole that Code Red exploited, as well as 16 others.

This one is the Swiss Army knife of worms

Dan Ingevaldson, Internet Security Systems
It can affect machines running Windows 98, 95, Me, NT and 2000.

The worm may cause disruption to some networks because it makes infected machines carry out up to four times as many scans as those compromised by Code Red.

Infected machines also hide a copy of the virus on the webpages they display. Browsing these pages with certain unpatched versions of Internet E