[iwar] [fc:Nimda.Virus.Lingers.on.House,.Senate.Computers]

• Next message: Fred Cohen: "[iwar] [fc:War.Game.Helps.Army's.Mock.'Red.Team'.To.Simulate.Tactics.Of.Low-Tech.Fighters]"
• Previous message: Fred Cohen: "[iwar] [fc:FBI.aims.to.squash.bugs]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Return-Path: <sentto-279987-2622-1002077514-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Tue, 02 Oct 2001 19:53:16 -0700 (PDT)
Received: (qmail 27946 invoked by uid 510); 3 Oct 2001 02:52:00 -0000
Received: from n11.groups.yahoo.com (216.115.96.61) by 204.181.12.215 with SMTP; 3 Oct 2001 02:52:00 -0000
X-eGroups-Return: sentto-279987-2622-1002077514-fc=all.net@returns.onelist.com
Received: from [10.1.4.52] by n11.groups.yahoo.com with NNFMP; 03 Oct 2001 02:51:54 -0000
X-Sender: fc@big.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-7_4_1); 3 Oct 2001 02:51:54 -0000
Received: (qmail 79136 invoked from network); 3 Oct 2001 02:51:53 -0000
Received: from unknown (10.1.10.27) by m8.onelist.org with QMQP; 3 Oct 2001 02:51:53 -0000
Received: from unknown (HELO big.all.net) (65.0.156.78) by mta2 with SMTP; 3 Oct 2001 02:51:53 -0000
Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id TAA10194 for iwar@onelist.com; Tue, 2 Oct 2001 19:51:53 -0700
Message-Id: <200110030251.TAA10194@big.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Tue, 2 Oct 2001 19:51:53 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] [fc:Nimda.Virus.Lingers.on.House,.Senate.Computers]
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Nimda Virus Lingers on House, Senate Computers 
Ben Pershing, AntiOnline, 10/2/2001
<a href="http://www.antionline.com/showthread.php?threadid=116076">http://www.antionline.com/showthread.php?threadid=116076>

The "Nimda Worm" computer virus has wreaked havoc on Capitol Hill over
the past two weeks, infecting dozens of workstations and even forcing
the Senate to shut down several of its most vital systems. 

The virus, which transmits itself through e-mail and the Internet, hit
between 40 and 50 House offices and spawned several "mutant" versions
that required Congressional tech staffers to work overtime to update
anti-virus software. 

"This virus was a little more sophisticated in terms of spreading in
multiple modes," said Reynold Schweickhardt, director of technology for
the House Administration Committee. 

"As of [Thursday] night we still had about 24 offices that had one or
more infections.  I think we reached the high-water mark [Thursday], and
I think we're going to be victorious."

The virus caused the Senate to shut down its Web-based e-mail system and
its file transfer protocol system for a time the week before last.  It
is not clear what other damage Nimda did on that side of the Capitol. 
The Office of the Sergeant-at-Arms, which oversees the Senate's computer
systems, did not return calls seeking comment. 

According to an alert put out by the Computer Emergency Response Team
Coordination Center at Carnegie Mellon University, the Nimda Worm can be
spread via e-mail as well as by visiting "compromised" Web sites. 
Infected e-mails often come with an attachment labeled "readme.exe,"
which, if opened, will automatically gather addresses from the user's
address book and begin sending out new messages.  If left unchecked, the
worm will repeat this process every 10 days. 

If a user whose computer has been infected visits a Web site, other
users connected to the same server can pick up the virus when they visit
the same site.  In the House, many users picked up Nimda by reading The
Washington Post online. 

The worm can infect users of several versions of Microsoft Internet
Explorer, the most commonly used browser in Hill offices. 

Nimda is only the latest in a series of e-mail-borne viruses that have
plagued the Hill in recent years. 

The "Melissa" virus first struck Congressional offices in 1999, though
both the House and Senate were able to avert serious problems by halting
the spread of the bug early. 

A new strain of Melissa reared its head in March 2000, but after some
initial confusion, its spread was again stopped. 

In May 2000 the more damaging "Love Bug" virus tore its way through Hill
computers as staffers eagerly opened messages titled "I LOVEYOU." The
virus forced Rep.  Jay Inslee's (D-Wash.) office to shut down its server
temporarily. 

(C) 2001 Roll Call.  via ProQuest Information and Learning Company; All
Rights Reserved


------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 

• Next message: Fred Cohen: "[iwar] [fc:War.Game.Helps.Army's.Mock.'Red.Team'.To.Simulate.Tactics.Of.Low-Tech.Fighters]"
• Previous message: Fred Cohen: "[iwar] [fc:FBI.aims.to.squash.bugs]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:53 PST