Alarming experience: While working at my computer this afternoon, Norton Anti-Virus 2002 suddenly reported that five files containing the Nimda worm were found on my system. Norton killed all of them immediately, but I realized that someone was putting files on my computer through my Internet connection and was doubtlessly still around.

I immediately disconnected and reinstalled Norton Internet Firewall, which I had to remove last week while writing a book (a section on installing software to protect yourself from Internet abuse, no less).

Using the Guest account, the intruder dropped the files in a couple of shared folders I had left open that contained nothing but a few sample JPGs and WMA files that came with XP. I can't make any sense of the names of the files they gave me: dsc00004.eml, dsc00007.nws, einstein.eml, grid.eml and pre school songs.eml. I'm hoping they were sent to me by an automated process, since Nimda can spread via open shares like the one I was briefly offering the world. However, none of the filenames showed up in a Google search, which I would've expected if they were being routinely used to infect new computers. Does Nimda really copy a few randomly selected files into a shared folder hoping that the user will open them at some point and spread the worm?

Adding further insult, I also was sharing my fax machine -- which had some personal information in recent faxes I wouldn't want to share with a script kiddie.

Add a Comment

These HTML tags are permitted: <p>, <b>, <i>, <a>, and <blockquote>. A comment may not include more than three links. This site is protected by reCAPTCHA (for which the Google Privacy Policy and Terms of Service apply).