Politic-Economic-Society-Tech
Nimda computer virus still spreading in Asia
By Chee-may Chow
The Nimda computer virus spread at dizzying speed through parts of Asia on Thursday for a second day, but experts said the worldwide outbreak may be close to peaking for the powerful server machines that drive the Web.
The total number of infected personal computers may never be known.
South Korea's Information and Communication Ministry said the number of infections was growing exponentially as small computer users were slow to take precautions.
The ministry said in a statement that 3,711 cases of infection were reported as of 11 a.m. (0200 GMT), an 11-fold increase from 327 cases reported on Wednesday.
"Big companies appear to be taking measures quickly, but personal computer users are relatively slow in responding," said an official at the ministry.
He said it would be difficult to estimate damages in financial terms as the infection did not cause any physical losses such as data destruction.
Computer security experts have described the bug, the origin of which is not yet known, as the fastest-spreading computer virus ever.
The self-replicating bug, which scans networks for uninfected computers, slows the performance of the Internet and e-mail even though it does not erase files or damage systems.
The attack could prove to be more widespread and damaging than the Code Red infections of July and August, which caused an estimated US$2.6 billion in damage, because Nimda appears to have been designed to spread quickly among PCs connected to a single network and not just servers, security experts said.
"It may spread rapidly to 10, 20, 30 thousand workstations, but won't have any noticeable impact on the Internet," said Jim Jones, director of monitoring and analysis for New York-based Predictive Systems.
The Hong Kong Computer Emergency Response Team (HKCERT) said it had received more than 60 reports of virus attacks since Wednesday morning and the number was still rising.
It could be months before the virus was completely eradicated, the government-sponsored organisation said.
Internet security firm Trend Micro Inc said 10 more clients had reported their systems were infected, bringing the number to more than 40 since since Wednesday.
But the firm estimated as many as 1,000 companies in the territory have been infected. Hong Kong is one of Asia's financial centres.
"The number of companies that call in is just the tip of the iceberg. Behind those cases are many other companies that have been infected who either don't know it or haven't reported it," said a company spokesman.
Trend Micro said the virus would cost Hong Kong around HK$30 million (US$3.85 million) per day in lost productivity and that it was spreading five times faster than the Code Red virus which hit in July and August.
It said most victims were small companies because they tended to centralise all functions under one server, making them more vulnerable to attacks, but larger telecom firms and investment banks have also been hit.
The bug first appeared in the United States on Tuesday, spread to Asia overnight, and thousands of European businesses opened business on Wednesday with infected computer systems.
The mass-mailing worm arrives in electronic mail without a subject line and contains an attachment titled "readme.exe" disguised as an audio file.
The mere presence of the worm has forced some companies to shut down parts of their networks to prevent infection or further exposure.
The highest concentration of infected systems was in Canada, Denmark, Italy, Norway, the U.K. and the United States, said Chip Mesec, head of product marketing for San Mateo, California-based SecurityFocus.
source: news.excite.com, September 20, 2001
,