|You are in: Sci/Tech|
Wednesday, 19 September, 2001, 16:22 GMT 17:22 UK
Nimda virus loose online
A Windows worm that tries almost every trick in the book to infect computers is steadily spreading across the net.
The malicious program, named Nimda, attacks both personal computers and network servers. The virus can even be contracted just by browsing webpages generated by infected servers.
It spreads by plundering address books to generate lists of recipients it can send itself to, looks for common loopholes in some versions of Windows web server software and uses hijacked machines to search for more targets.
Although the worm is spreading quickly, experts said it was unlikely to cause widespread disruption - but they warned people to be on their guard.
"The reason it's become so widespread is because it not only travels via e-mail but it contaminates websites as well," said Graham Cluley, senior technical consultant for Sophos Antivirus.
Once it has infected a web server, the Nimda worm scans the net for machines that have not installed patches for well-known vulnerabilities. It looks for the loophole that Code Red exploited, as well as 16 others.
The worm may cause disruption to some networks because it makes infected machines carry out up to four times as many scans as those compromised by Code Red.
Infected machines also hide a copy of the virus on the webpages they display. Browsing these pages with certain unpatched versions of Internet E