Networks Run Despite NIMDA

 
 
By eweek | Posted 2001-09-19

It looks as though the NIMDA worm has yet to derail Internet performance.

Despite some dire early predictions that the sophisticated program would clog networks by today, both Keynote Systems and Matrix.net report essentially normal traffic flows on the Net.

Keynote checked Web-traffic flows at 7 p.m. last night and saw nothing unusual.

"Keynote Systems has so far ... seen no effect of the NIMDA worm on overall Internet performance - neither on the Internet backbone infrastructure nor on the ability for users to access sites on the Internet," read the statement.

Updated latency information from Keynote showed only a few networks suffering a lag in packet delivery, which is not uncommon.

Similarly, Matrix's Internetweather.com site has shown average global Net latency of about 100 milliseconds during the past 24 hours, a level that denotes basic stability.

Reports of the pernicious NIMDA's spread continue, but the Net appears to be handling the extra load as the worm replicates.

"NIMDA is attacking mostly access [Web sites, end-user machines]; it's having a limited effect on backbone carriers," said one network engineer who preferred not to be identified. "Some users are reporting their access pipes [cable modems, DSL, T1s] getting filled up 30 to 50 percent by probes from infected NIMDA machines."

Security experts said the quick response by companies and individuals is probably helping.

"Virus deletion definitions have slowed the spread," said Sharon Ruckman, a senior security official at Symantec. "A lot of machines have been patched."

But NIMDA is proving to be quite nimble. Symantec has received 1,300 samples of the worm in the past day, an extremely high number.

The worm modifies and replaces files in the operating system to gain administrative control, infects C drives and takes over e-mail programs.

"It's spoofing addresses," said Ruckman, who added that NIMDA has its own Simple Mail Transfer Protocol (SMTP) mail engine.

Swa Frantzen, a security expert with Ubizen, said the situation for PC and server users will likely get worse before it improves.

"[NIMDA] is very aggressive. Even if it doesn't have a destructive payload, the impact of fixing and sanitizing everything to make sure it's gone is going to be huge," Frantzen said.

Max Smetannikov contributed to this report.
