New Internet Worm Hits Computers

A damaging new computer worm was spreading like wildfire across the Internet on Tuesday, hitting both home PCs and commercial servers, in an outbreak that could prove more widespread and costly than the Code Red viruses, computer security experts said.

Known as “Nimda,” which spells admin backward, the worm spreads by sending infected e-mails and also appears able to infect Web sites, so when a user visits a compromised Web site, the browser--if it has not been patched--can spread the worm to a PC, analysts said.

So far, it appears that Nimda arrives in e-mail without a subject line and containing an attachment titled “readme.exe,” experts said.

Internet security experts have warned of the potential for an increase in virus activity after last week’s attacks on the World Trade Center and the Pentagon, but U.S. Atty. Gen. John Ashcroft said there was no sign the outbreak was linked to those events.

The worm has been aided by increased Internet traffic in the wake of last week’s terrorist attacks, computer security experts said. Overloaded telephone circuits have forced millions of Americans to turn to e-mail and instant messaging to communicate--providing more pathways for the worm to spread.

“This is coming at a very inopportune time. People are afraid to travel so they are doing more business over the Web,” said Sam Curry, security architect for McAfee.com, a leading maker of antivirus software.

The worm may have started as early as Monday and was showing signs of overloading traffic on the Internet, Ashcroft said, adding that Nimda proved “heavier” than the Code Red worm that caused an estimated $2.6 billion in cleanup costs on Internet-linked computers after outbreaks in July and August.

The worm exploits an already-detected vulnerability in Microsoft’s Internet Information Server Web software running on Windows NT or 2000 machines, the same breach that the Code Red viruses exploited, experts said.

Times wire services were used in compiling this report.