We all had trouble with SIRCam. So pardon me if I pass this along.
Cheryl
United Press Int'l Health News Health
Worm, e-mail virus attacking Internet
By SCOTT BURNELL, UPI Internet Writer
WASHINGTON, Sept. 18 (UPI) -- Private
companies and a national
computer security organization said Tuesday
morning a new e-mail
virus could be behind a "massive increase" in
attempts to infect
Internet servers worldwide.
The first reports of both the virus and the
increased malicious
scanning attempts surfaced at about 9 a.m. EDT
Tuesday, said Ken
Van Wyk, president of Para-Protect, a computer
security company
in Centreville, Va. Although the source of the
activity hasn't yet been
traced, it started at almost exactly the same
day and time at which
the terrorist attacks began last week. Van Wyk
told UPI it took only
minutes for the e-mails and scanning behavior
to show up across the
company's client base, as well as at the home
computers of its
employees.
The CERT Coordination Center, an organization
at Carnegie Mellon
University in Pittsburgh that studies computer
vulnerabilities and acts
as an information clearinghouse, also issued a
warning Tuesday
about the e-mail and "a massive increase in
scanning activity
directed at (a common computer Internet)
port."
An attachment in Microsoft Outlook e-mails
appears to be the
source of all the activity, Van Wyk said,
although the company
hasn't yet had a chance to analyze a copy of
the e-mail. Opening the
attachment, named "readme.exe," apparently
forces the computer to
run a program searching for 16 known security
holes in Microsoft
Internet Information Server software, he said.
IIS was the program targeted by the "Code Red"
and "Code Red II"
worms earlier this summer, although it only
runs on Windows NT and
2000 servers. The "readme.exe" virus, on the
other hand, affects any
Windows-based personal computer running
Outlook, Van Wyk said.
The "Code Red" occurrences prompted most
companies to install
fixes to IIS, so infection rates on Web
servers appear to be low, he
said.
But far more seriously, this attack affects
home computer users.
Van Wyk said the scanning attempts come from
computer
addresses all over the Internet, including the
digital subscriber line
and cable modem connections associated with
residential use. In
order to minimize the attack's impact, PC
users should avoid
opening unfamiliar e-mail attachments, Van Wyk
said. And for the
time being, DSL or cable modem users should
consider severing
their Internet connection if that won't hurt
an ongoing business or
other important activity, he said.
Antivirus software makers will distribute
solutions for this attack as
soon as they're available, Van Wyk said.
--
Copyright 2001 by United Press International.
All rights reserved.