States are reeling from Nimda infections

States are reeling from Nimda infections

Many states are cleaning up damage from the latest computer worm, Nimda. Some officials said Nimda was much worse than the Code Red worm they dealt with in July.

Connecticut, Idaho, Mississippi, Montana, Ohio, North Carolina and Rhode Island reported infections as early as Tuesday that forced IT managers to shut down networks and Internet and e-mail access for at least part of the next two days.

The worm affects platforms running any Microsoft Windows operating system. Code Red attacked only servers running Microsoft's Internet Information Server software.

The CERT Coordination Center has said Nimda (admin spelled backwards) spreads from client to client via e-mail, network sharing or browsing of compromised Web sites, and it can exploit back doors left by Code Red. Nimda modifies Web documents and certain executable files on the systems it infects. It replicates itself to fill all available disk space.

That renders the infected systems useless, Rhode Island chief technology officer Howard Boksenbaum said.

Mississippi state workers had no e-mail or Internet access for almost 24 hours. Rhode Island took its systems down for about three hours yesterday, and two sites still are not back up.

'We started to see an unusually high amount of traffic on the Web, and we knew something was wrong,' said Jimmy Webster, network manager for Mississippi. 'We needed time to clean and patch the systems. So much of what we do is Internet-based, we didn't want to continually infect our systems or others.'

Webster said he installed a filter in front of the state's firewall on a Series 7500 router from Cisco Systems Inc. of San Jose, Calif., as the main defense against the worm. He then used vendor-supplied patches to cleanse PCs and servers.

Rhode Island officials took similar actions, Boksenbaum said.

'We installed the patch and had e-mail back up by 4 p.m. Wednesday,' he said. 'But we have massive infections on desktop PCs, and [they are] infecting other PCs. We have technical people going desk to desk cleaning them up.'

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.