From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Thu, 1 Nov 2001 05:50:00 -0800 (PST)
Subject: [iwar] [fc:NY.Times.laid.low.by.Nimda.offshoot]

NY Times laid low by Nimda offshoot

Reuters, 11/1/2001
http://news.cnet.com/news/0-1003-200-7739301.html?tag=mn_hd

NEW YORK--The mysterious "storm of data" that swamped computers at The New York Times was not caused by a malicious attack aimed at the paper but rather by a reemergence of the Nimda worm, company officials said Wednesday.

A New York Times network administrator said in an internal e-mail Tuesday that the company's Internet connection was "interrupted by a storm of data" and that the "denial-of-service" activity may have been a deliberate attack.

In a denial-of-service attack, thousands of fake messages are sent to server computers, tying up the recipient's network.

But the real culprit was Nimda.E, a permutation of the Nimda worm that struck hundreds of thousands of computers worldwide beginning in September, said New York Times Chief Information Officer Michael Williams on Wednesday in a second inter-company e-mail obtained by Reuters.

"We have secured a 'fix' for this virus which cleanses the infected machines," Williams said in the e-mail.

A company spokeswoman confirmed that internal Internet access at the paper was up as of Wednesday morning.

Nimda.E "is a new version that just appeared a few days ago," said Marc Fossi, malicious-code analyst for the San Mateo, Calif.-based firm SecurityFocus. "It's the same infection method, but it's been recompiled, and the file names it uses have been changed to make it harder for antivirus products to detect."

The symptoms of a denial-of-service attack and a Nimda strike are quite similar, according to Russ Cooper of the computer security firm TruSecure.

Nimda can quickly bog down internal networks as it generates Internet traffic in the hunt for new hosts. Denial-of-service attacks work in a similar way, overwhelming networks with requests.

"If you have a large number of affected machines, very quickly--within five minutes--you're going to have a large portion of those machines attacking, and that's going to douse your network," Cooper said.

The virus can be easily passed on via e-mail, infected Web pages or company subsidiaries with access to the main network.

"It would be a heck of a lot easier to bring it in than anthrax, let's put it that way," Cooper said.

Since Nimda relies on randomly generated Internet addresses, it is unlikely that the New York Times was deliberately targeted for attack, he added.

During the recent string of anthrax transmissions, there have been at least two scares at the paper, including one letter filled with a white powder that was mailed to a reporter who wrote a book on bioterrorism. But tests at the paper have come up negative for the bacteria.

According to Williams' e-mail, the paper was in the process of identifying the machines infected with Nimda and fixing them one by one, and was also updating its virus protection software.