Computer virus W32-NIMDA may be wreaking havoc around the nation, but The University of Memphis is proving a worthy foe.
W32-NIMDA, a dangerous new multifaceted worm virus, hit computers at The U of M and across the nation Tuesday morning. Some systems across the nation had to shut down Tuesday to combat the virus, but Tom Barton, director of Information Technology Infrastructure at The U of M, said operations on campus continued as normal.
“Most people using campus computers probably never even noticed,” Barton said.
Barton said 20 computers, 18 on campus and 2 personal computers connected to The U of M through dial-up connections, were infected and disconnected from the system as of 3 p.m. Thursday. Of those, about half have been cleaned and reconnected.
W32-NIMDA has been classified as a Category 4 virus, which means high potential distribution and high potential damage, according to Symantec, a company that identifies and fights new computer viruses.
According to Gary Houck, manager of special projects for International Paper, the “W32” in the name refers to 32-bit Microsoft Windows operating systems, the systems W32-NIMDA attacks. Windows 98, NT, 2000 and ME are 32-bit systems.
W32-NIMDA’s replication eats up computers’ resources, bogging them down to such a slow rate of operation that the virus triggers denial-of-service, which is computer jargon for when computers are too clogged to do anything at all.
“The virus is an upside-down pyramid,” Houck said. “It’s exploding.”
Houck said W32-NIMDA can modify, delete and move key files.
But The U of M has escaped the worst, according to Barton.
“The 20 infected computers are a drop in the bucket compared to what could have happened,” Barton said.
Barton said The U of M has been successfully defending itself against W32-NIMDA because most of the computers in the system had already been updated to combat Code Red, the premiere scary virus of the summer, in July and August.
Users can protect their computers from Code Red and now W32-NIMDA by downloading a patch from the Symantec.com website.
The worm is considered to be a worse threat than Code Red. While Code Red had only two ways to spread itself through computer networks, W32-NIMDA has about 14 ways, including mass-mailing itself to other systems in a user’s stored address book. Both viruses can actively scan computer systems for vulnerabilities through which they attack, but Barton said the similarities end there.
“The rest is different,” Barton said. “While there’s nothing inherently new about NIMDA, what is new is its combination and aggression. The rate at which it scans (for weaknesses) is like nothing we’ve ever seen before.”
Barton said the rapidity, aggression and versatility of W32-NIMDA are what make it a worse threat than Code Red.
The first infected computer was discovered at 8:22 a.m. Tuesday morning. The most recently infected computer, as of press time, was found at 11:24 a.m. Thursday.
Although some computers on campus are still vulnerable, Barton said The U of M is conducting desktop-level support to protect University computers.
Barton and Houck said there is no evidence of where the virus came from.
“No one has any clue of the origin of this thing,” Barton said.
Houck said the name “NIMDA” is “ADMIN” reversed, but he does not know why the virus was given the name.
“Just to be cool, I guess,” Houck said. “But (the creators) are not very cool in my book. They ought to be given a long walk off of a short pier.”
