Nimda

Nimda
Nimda
Technical name	Avast: Win32:Nimda; Avira: W32/Nimda.eml; BitDefender: Win32.Nimda.A@mm; ClamAV: W32.Nimda.eml; Eset: Win32/Nimda.A; Grisoft: I-Worm/Nimda; Kaspersky: Net-Worm.Win32.Nimda or I-Worm.Nimda; McAfee: Exploit-MIME.gen.ex; Sophos: W32/Nimda-A; Symantec: W32.Nimda.A@mm
Type	Multi-vector worm
Origin	China (alleged)
Authors	Multiple authors; one serving prison time
Technical details
Platform	Windows 95 – XP
Written in	C++

Nimda is a malicious file-infecting computer worm. It quickly spread, surpassing the economic damage^{[citation needed]} caused by previous outbreaks such as Code Red.

The first released advisory about this thread (worm) was released on September 18, 2001.^[3] Due to the release date, exactly one week after the attacks on the World Trade Center and Pentagon, some media quickly began speculating a link between the virus and Al Qaeda, though this theory ended up proving unfounded.^{[citation needed]}

Nimda affected both user workstations (clients) running Windows 95, 98, NT, 2000, or XP and servers running Windows NT and 2000.^[3]

The worm's name comes from the reversed spelling of "admin".^{[citation needed]}

F-Secure found the text "Concept Virus(CV) V.5, Copyright(C)2001 R.P.China" in the Nimda code, suggesting its country of origin. However, they also noted that a computer in Canada was responsible for an October 11, 2001 release of infected emails alleging to be from Mikko Hyppönen and Data Fellows (F-Secure's previous name).^[4]

Methods of infection

Nimda proved effective partially because it—unlike other infamous malware like Code Red—uses five different infection vectors:

Email
Open network shares
Browsing of compromised web sites
Exploitation of various Internet Information Services (IIS) 4.0 / 5.0 directory traversal vulnerabilities. (Both Code Red and Nimda were hugely successful exploiting well known and long solved vulnerabilities in the Microsoft IIS Server.^[5])
Back doors left behind by the "Code Red II" and "sadmind/IIS" worms.^[6]

References

^ "Ten years on from Nimda". TheRegister.com. September 17, 2011. Retrieved October 27, 2020.
^ "Information about the Network Worm "Nimda"". Kaspersky Lab. Kaspersky.com. September 18, 2001. Archived from the original on August 7, 2016. Retrieved June 4, 2016.
^ ^a ^b "CA-2001-26: Nimda Worm". CERT Coordination Center. Carnegie Mellon University. September 18, 2001. Archived from the original on February 26, 2014.
^ "Net-Worm: W32/Nimda Description". F-Secure Labs. F-secure.com. Retrieved June 4, 2016.
^ "Kurt Seifried - LASG / Introduction to security". Seifried.org. Retrieved June 4, 2016.
^ Chen, Thomas M.; Robert, Jean-Marc (2004). "The Evolution of Viruses and Worms". In Chen, William W.S (ed.). Statistical Methods in Computer Security. doi:10.1201/9781420030884. ISBN 9780429131615.

External links

[1] "Ten years on from Nimda". TheRegister.com. September 17, 2011. Retrieved October 27, 2020.

[2] "Information about the Network Worm "Nimda"". Kaspersky Lab. Kaspersky.com. September 18, 2001. Archived from the original on August 7, 2016. Retrieved June 4, 2016.

[cert-3] "CA-2001-26: Nimda Worm". CERT Coordination Center. Carnegie Mellon University. September 18, 2001. Archived from the original on February 26, 2014.

[4] "Net-Worm: W32/Nimda Description". F-Secure Labs. F-secure.com. Retrieved June 4, 2016.

[5] "Kurt Seifried - LASG / Introduction to security". Seifried.org. Retrieved June 4, 2016.

[6] Chen, Thomas M.; Robert, Jean-Marc (2004). "The Evolution of Viruses and Worms". In Chen, William W.S (ed.). Statistical Methods in Computer Security. doi:10.1201/9781420030884. ISBN 9780429131615.

[1]

[2]

[3]

[4]

[5]

[6]

Methods of infection

See also

References

External links