Nimda worms way into Colorado

CERT Coordination Center Advisory

A computer worm, spreading rapidly around the world and affecting many corporations,

struck Colorado state systems Sept. 20.

"We were able to isolate it pretty quickly," said Bob Feingold, the

state's chief information officer, referring to the W32/Nimda worm. "The

Department of Labor and Employment got hit and the Department of Revenue

[as well]. But it only caused nuisance-level problems."

According to the CERT Coordination Center, an Internet security research

group, Nimda, which is "admin" spelled backward, modifies Web documents

and certain files and duplicates itself under various file names. It is

propagated in several ways, including opening infected e-mail attachments,

browsing compromised sites and sharing files on open networks.

"It fills up a server," Feingold said. "So you have to go in and clean

it out. During that time, the desktops have trouble accessing the server."

He said he didn't think any information was lost, although "there was

some period of time that there wasn't access to the outside world. I did

not receive any reports of serious problems."

After close of business Sept. 20, the state shut access from the outside

and cleaned the affected servers and desktops, which took several hours,

he said.

In a recent conference call with other state CIOs, Feingold acknowledged

that the worm also affected several other state governments, but he didn't

know to what extent and didn't identify the states.

In light of last week's terrorist attacks, Feingold also said cybersecurity

has become a more important issue.

"We had, before the unfortunate events of last week, an in-depth security

assessment under way. That was already running. That project started in

July," he said, adding that physical security plans of state technology

infrastructures were also recently implemented.

Featured

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.