http://news.cnet.com/news/0-1003-200-7739301.html?tag=mn_hd

By Reuters
October 31, 2001, 4:50 p.m. PT

NEW YORK--The mysterious "storm of data" that swamped computers at The New York Times was not caused by a malicious attack aimed at the paper but rather by a reemergence of the Nimda worm, company officials said Wednesday.

A New York Times network administrator said in an internal e-mail Tuesday that the company's Internet connection was "interrupted by a storm of data" and that the "denial-of-service" activity may have been a deliberate attack.

In a denial-of-service attack, thousands of fake messages are sent to server computers, tying up the recipient's network.

But the real culprit was Nimda.E, a permutation of the Nimda worm that struck hundreds of thousands of computers worldwide beginning in September, said New York Times Chief Information Officer Michael Williams on Wednesday in a second inter-company e-mail obtained by Reuters.

"We have secured a 'fix' for this virus which cleanses the infected machines," Williams said in the e-mail.

A company spokeswoman confirmed that internal Internet access at the paper was up as of Wednesday morning.

Nimda.E "is a new version that just appeared a few days ago," said Marc Fossi, malicious-code analyst for the San Mateo, Calif.-based firm SecurityFocus. "It's the same infection method, but it's been recompiled, and the file names it uses have been changed to make it harder for antivirus products to detect."

The symptoms of a denial-of-service attack and a Nimda strike are quite similar, according to Russ Cooper of the computer security firm TruSecure.

Nimda can quickly bog down internal networks as it generates Internet traffic in the hunt for new hosts. Denial-of-service attacks work in a similar way, overwhelming networks with requests.

"If you have a large number of affected machines, very quickly--within five minutes--you're going to have a large portion of those machines attacking, and that's going to douse your network," Cooper said.

The virus can be easily passed on via e-mail, infected Web pages or company subsidiaries with access to the main network.

"It would be a heck of a lot easier to bring it in than anthrax, let's put it that way," Cooper said.

Since Nimda relies on randomly generated Internet addresses, it is unlikely that the New York Times was deliberately targeted for attack, he added.

During the recent string of anthrax transmissions, there have been at least two scares at the paper, including one letter filled with a white powder that was mailed to a reporter who wrote a book on bioterrorism. But tests at the paper have come up negative for the bacteria.

According to Williams' e-mail, the paper was in the process of identifying the machines infected with Nimda and fixing them one by one, and was also updating its virus protection software.