1st Incident Briefing Event - Nimda Virus

SIG^2 held its first Incident Briefing session on the evening of Monday 24 September at the iDA Club House in Suntec City. Around 15 SIG^2 members attended the briefing, which was conducted by Ching Tim Meng and Ho Kee Vin, both Senior Consultants from Trisecurity Pte Ltd. The topic for the session was the Nimda worm, which ravaged the Internet the previous week and infected thousands of servers and PCs.

The session started with a quick background given by Kee Vin, followed by a technical description of the modus operandi of the worm and its prevention by Tim Meng. The briefing participants learnt that the Nimda worm uses multiple methods to spread, exploiting numerous known and often unpatched vulnerabilities on the Microsoft platform, particularly IIS, Outlook and Internet Explorer.

The rest of the session was an in-depth interactive discussion between the briefing leaders and the participants, most of whom were concerned with how to protect their PCs and servers sufficiently. We learnt that this Nimda virus was special in that it incorporated not one, but several methods of delivery. We covered quite a bit of ground on best practices for preventing similar infections. It was noted that the vulnerabilities which Nimda exploited had been discovered as long as several months earlier, so host machines which had not been updated with patches within that time-frame would be susceptible.

This Incident Briefing event ended at about 7.30pm. It was a most educational session, and clearly the Trisecurity presenters have put in a lot of work, researching the virus so as to present to participants comprehensively its infection mechanisms and effects. Perhaps the timing of this event on a Monday is inconvenient to the vast majority of SIG^2 members, otherwise more people might be able to attend and to benefit from the dissection of this latest virus.

* The organizers would like to thank Clement Leong of iDA for making arrangements for the very central venue.

Updated: 26/10/2002
webmaster@security.org.sg