Nimda worms way into Colorado
- By Dibya Sarkar
- Sep 24, 2001
CERT Coordination Center Advisory
A computer worm, spreading rapidly around the world and affecting many corporations,
struck Colorado state systems Sept. 20.
"We were able to isolate it pretty quickly," said Bob Feingold, the
state's chief information officer, referring to the W32/Nimda worm. "The
Department of Labor and Employment got hit and the Department of Revenue
[as well]. But it only caused nuisance-level problems."
According to the CERT Coordination Center, an Internet security research
group, Nimda, which is "admin" spelled backward, modifies Web documents
and certain files and duplicates itself under various file names. It is
propagated in several ways, including opening infected e-mail attachments,
browsing compromised sites and sharing files on open networks.
"It fills up a server," Feingold said. "So you have to go in and clean
it out. During that time, the desktops have trouble accessing the server."
He said he didn't think any information was lost, although "there was
some period of time that there wasn't access to the outside world. I did
not receive any reports of serious problems."
After close of business Sept. 20, the state shut access from the outside
and cleaned the affected servers and desktops, which took several hours,
In a recent conference call with other state CIOs, Feingold acknowledged
that the worm also affected several other state governments, but he didn't
know to what extent and didn't identify the states.
In light of last week's terrorist attacks, Feingold also said cybersecurity
has become a more important issue.
"We had, before the unfortunate events of last week, an in-depth security
assessment under way. That was already running. That project started in
July," he said, adding that physical security plans of state technology
infrastructures were also recently implemented.