
Computer Virus Incident Reports [summary]

October 5, 2001

Information-technology Promotion Agency
Security Center (IPA/ISEC)

Appearance of Tough Virus called W32/Nimda!

This is a summary of Computer Virus Incident Reports of September 2001 compiled by IPA: Information-technology Promotion Agency (President: Shigeo Muraoka).

2238 reports were submitted in September; last month also saw over 2000 reports. There were 323 reports of the new virus called W32/Nimda. Of those, 218 (67.5%) involved actual damage, which shows it to be high risk. This affected the share of reports involving actual damage among all reports this month, which was 22.8% (510 reports), the highest rate this year.

W32/Nimda utilizes multiple methods to spread itself!

W32/Nimda utilizes multiple methods to spread itself. One of them is to use a security hole in Internet Explorer (IE), so you can get infected just by browsing Web pages or previewing e-mails. Cases of actual damage from browsing Web sites numbered 133, which accounts for about half.

If IE has been updated (or patched), the window below will ask whether you want to download the infected file, so you can keep your system from getting infected by selecting Cancel even if you browse an infected Web page.

If the client machine has the security hole, the infected file will be downloaded automatically without the O.K. button being clicked. When either Outlook or Outlook Express is running on the client machine, the virus will execute automatically and the system will get infected.

Note: the image shown is from the Japanese version of the e-mail software.

Viruses that infect when you view the body of an e-mail

VIRUS            NUMBER OF REPORTS  DATE OF THE FIRST REPORT  OUTLINE OF VIRUS
W32/Nimda        323                September 2001            Utilizes security holes of IE / IIS Web server
Wscript/Kakworm  684                April 2000                Utilizes security holes of IE
VBS/Haptime      148                May 2001                  Virus is sent as the signature file of email

Warning for this month:

Providing is preventing
===== Primary importance of the security patch =====

Some Web pages tamper with configuration files on the PC or are infected. W32/Nimda utilizes security holes in Microsoft's IE and in its Web server software, IIS, to spread itself.

To avoid these incidents and use Internet services effectively, it is important to take the following measures.

  1. Set up the security functions of the browser and mailer properly
    "The screen for setting up the security function of the major software"
    http://www.ipa.go.jp/security/virus/beginner/check/attach/set.html (Japanese)
  2. Keep anti-virus software running at all times (real time search/real time protection/auto protect etc.)
  3. Apply security patches (update software)
    "Microsoft's guide for home users on security measures"
    http://www.microsoft.com/Japan/enable/products/security/verslist.asp?prod=032 (Japanese)

Information

IPA Security Center (IPA/ISEC)
(ISEC: Information technology SEcurity Center)
TEL: 03-5978-7508 FAX: 03-5978-7518 E-mail:Please feel free to call at +81-3-5978-7517.
Emergency call: 03-5978-7509 URL: http://www.ipa.go.jp/security/