Protect yourself against Nimda worm

September 25, 2001

Although the spread of the disturbing Nimda worm has slowed, many companies are puzzled over removing the malicious agent from their networks.

Nimda has already entered the networks of many Internet Service Providers (ISP) causing several ISPs to take severe steps to block users from spreading the worm and overloading their networks with traffic.

So XO Communications announced on Friday that the company severed almost a quarter of its users' Web servers from the Internet in an attempt to stop the deluge of data produced by malicious program.

The Nimda worm hit so rapidly and caused so much disorder that accurate analysis of the worm has been delayed.

The worm spreads by four different ways:


1. Using a backdoor on the server that had already been compromised by the Code Red II (all other IIS servers, the malicious code attempted to use the infamous "Web server folder traversal" vulnerability)
2. Infecting others through viewing a Web page
3. Using e-mail (sending e-mail with attached worm to addresses in Windows address book)
4. Spreading copies of itself throughout corporate networks by using shared drives

Following security measures are recommended to prevent your PC from being infected:


• Don't open unexpected e-mail attachments
• Update your virus definitions and run anti-virus software to check your system
• Upgrade your software
• Download and run appropriate patches
• Avoid visiting unfamiliar websites
• Install personal firewall
• Visit the Microsoft Security Update site:
  www.microsoft.com/technet/security/topics/nimda.asp