[iwar] [fc:Nimda.worms.way.into.Colorado]

From: Fred Cohen (fc@all.net)
Date: 2001-09-28 16:10:58



Nimda worms way into Colorado

By Dibya Sarkar, Federal Computer Week, 9/28/2001
<http://www.fcw.com/geb/articles/2001/0924/web-nimda-09-24-01.asp>

A computer worm, spreading rapidly around the world and affecting many
corporations, struck Colorado state systems Sept.  20. 

"We were able to isolate it pretty quickly," said Bob Feingold, the
state's chief information officer, referring to the W32/Nimda worm. 
"The Department of Labor and Employment got hit and the Department of
Revenue [as well].  But it only caused nuisance-level problems."

According to the CERT Coordination Center, an Internet security research
group, Nimda, which is "admin" spelled backward, modifies Web documents
and certain files and duplicates itself under various file names.  It is
propagated in several ways, including opening infected e-mail
attachments, browsing compromised sites and sharing files on open
networks. 

"It fills up a server," Feingold said.  "So you have to go in and clean
it out.  During that time, the desktops have trouble accessing the
server."

He said he didn't think any information was lost, although "there was
some period of time that there wasn't access to the outside world.  I
did not receive any reports of serious problems."

After close of business Sept.  20, the state shut access from the
outside and cleaned the affected servers and desktops, which took
several hours, he said. 

In a recent conference call with other state CIOs, Feingold acknowledged
that the worm also affected several other state governments, but he
didn't know to what extent and didn't identify the states. 

In light of last week's terrorist attacks, Feingold also said
cybersecurity has become a more important issue. 

"We had, before the unfortunate events of last week, an in-depth
security assessment under way.  That was already running.  That project
started in July," he said, adding that physical security plans of state
technology infrastructures were also recently implemented. 




This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:51 PDT