Return-Path: <sentto-279987-2498-1001718659-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Fri, 28 Sep 2001 16:12:07 -0700 (PDT) Received: (qmail 16847 invoked by uid 510); 28 Sep 2001 23:11:12 -0000 Received: from n31.groups.yahoo.com (216.115.96.81) by 204.181.12.215 with SMTP; 28 Sep 2001 23:11:12 -0000 X-eGroups-Return: sentto-279987-2498-1001718659-fc=all.net@returns.onelist.com Received: from [10.1.4.53] by hp.egroups.com with NNFMP; 28 Sep 2001 23:10:59 -0000 X-Sender: fc@big.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-7_4_1); 28 Sep 2001 23:10:58 -0000 Received: (qmail 57071 invoked from network); 28 Sep 2001 23:10:58 -0000 Received: from unknown (10.1.10.27) by l7.egroups.com with QMQP; 28 Sep 2001 23:10:58 -0000 Received: from unknown (HELO big.all.net) (65.0.156.78) by mta2 with SMTP; 28 Sep 2001 23:10:58 -0000 Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id QAA17415 for iwar@onelist.com; Fri, 28 Sep 2001 16:10:58 -0700 Message-Id: <200109282310.QAA17415@big.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL1] From: Fred Cohen <fc@all.net> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Fri, 28 Sep 2001 16:10:58 -0700 (PDT) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:Nimda.worms.way.into.Colorado] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Nimda worms way into Colorado By Dibya Sarkar, Federal Computer Week, 9/28/2001 <a href="http://www.fcw.com/geb/articles/2001/0924/web-nimda-09-24-01.asp">http://www.fcw.com/geb/articles/2001/0924/web-nimda-09-24-01.asp> A computer worm, spreading rapidly around the world and affecting many corporations, struck Colorado state systems Sept. 20. "We were able to isolate it pretty quickly," said Bob Feingold, the state's chief information officer, referring to the W32/Nimda worm. "The Department of Labor and Employment got hit and the Department of Revenue [as well]. But it only caused nuisance-level problems." According to the CERT Coordination Center, an Internet security research group, Nimda, which is "admin" spelled backward, modifies Web documents and certain files and duplicates itself under various file names. It is propagated in several ways, including opening infected e-mail attachments, browsing compromised sites and sharing files on open networks. "It fills up a server," Feingold said. "So you have to go in and clean it out. During that time, the desktops have trouble accessing the server." He said he didn't think any information was lost, although "there was some period of time that there wasn't access to the outside world. I did not receive any reports of serious problems." After close of business Sept. 20, the state shut access from the outside and cleaned the affected servers and desktops, which took several hours, he said. In a recent conference call with other state CIOs, Feingold acknowledged that the worm also affected several other state governments, but he didn't know to what extent and didn't identify the states. In light of last week's terrorist attacks, Feingold also said cybersecurity has become a more important issue. "We had, before the unfortunate events of last week, an in-depth security assessment under way. That was already running. That project started in July," he said, adding that physical security plans of state technology infrastructures were also recently implemented. ------------------------ Yahoo! Groups Sponsor ---------------------~--> Get your FREE VeriSign guide to security solutions for your web site: encrypting transactions, securing intranets, and more! http://us.click.yahoo.com/UnN2wB/m5_CAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:51 PDT