The W32.Nimda.E@mm worm, detected October 29, is the latest version of the original W32.Nimda.A@mm and anti-virus vendor Trend Micro has tracked 3898 infected computers in the Asia-Pacific region in the last 24 hours.
"W32.Nimda.E@mm hit in Asia Pacific first," Trend Micro's Andrew Gordon told ZDNet Australia. -There are more infections in Asia Pacific than there are in the US." Infected computers in North America do not even rank in the top ten according to the Trend Micro world virus tracking centre.
Trend Micro has W32.Nimda.E@mm classified as a yellow alert, not as high a risk as its predecessor, which was ranked as a red alert. -But it is obviously travelling and people are being infected," Gordon said.
Due to an increased number of submissions Symantec has increased the virus threat assessment from level 2 to level 3 -- medium risk. Code Red and the original Nimda worm were ranked as a level 4 risk by Symantec.
Nimda.E spreads using the same methods as the original worm -- through email, through network shared drives, through un-patched IIS servers, and through file infection.
However, differences include the modification of file names used by the worm, which now copies itself to the \Windows\System folder as -csrss.exe" instead of -mmc.exe" and infection via e-mail comes via an attachment named -sample.exe" rather than the original -readme.exe", according to Symantec. The file dropped onto vulnerable servers is now named "httpodbc.dll," as opposed to "admin.dll"
Although there are a number of variants out there, non are as nasty as the, as many people secured their systems against the original Nimda worm.
"At this point, non are considered to be as malicious as the original," Glenn Miller of IT security software provider Janteknology told ZDNet Australia. -But it's only a question of when, not if."
According to Miller viruses of this kind never really disappear, -just become part of the background noise of the Internet".
-I'd say, stay tuned," Miller said.
