Kaspersky: Net-Worm.Win32.Nimda or I-Worm.Nimda
Point of origin: China (alleged)
Author(s): Multiple authors; one serving prison time
Operating system(s) affected: Windows 95 – XP
The first advisory about this threat (worm) was released on September 18, 2001. Because the release date fell exactly one week after the attacks on the World Trade Center and Pentagon, some media quickly began speculating about a link between the virus and Al Qaeda, though this theory proved unfounded.
The worm's name comes from the reversed spelling of "admin".
Methods of infection
- Open network shares
- Browsing of compromised web sites
- Exploitation of various Internet Information Services (IIS) 4.0 / 5.0 directory traversal vulnerabilities. (Both Code Red and Nimda were hugely successful at exploiting well-known and long-solved vulnerabilities in the Microsoft IIS Server.)
- Back doors left behind by the "Code Red II" and "sadmind/IIS" worms.
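
One way to spot the IIS directory-traversal and Code Red II back-door vectors listed above in web server logs, as an added example that is not part of the original page. The log lines are constructed, and the `cmd.exe`/`root.exe` names and encoded-separator forms are assumptions drawn from public advisories about these worms, not from this page.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed IIS W3C extended log sample (addresses are documentation ranges).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-09-18 13:02:11 192.0.2.10 GET /default.htm - 200
2001-09-18 13:02:12 192.0.2.77 GET /scripts/root.exe /c+dir 404
2001-09-18 13:02:12 192.0.2.77 GET /scripts/..%255c../winnt/system32/cmd.exe /c+dir 404
2001-09-18 13:02:13 192.0.2.77 GET /scripts/..%c0%af../winnt/system32/cmd.exe /c+dir 404
2001-09-18 13:02:14 192.0.2.10 GET /images/logo.gif - 200
"""

OVERLONG = re.compile(rb"([\xc0\xc1])([\x80-\xbf])")   # overlong 2-byte UTF-8
TRAVERSAL = re.compile(rb"\.\.[/\\]")                    # "../" or "..\"
SHELLS = re.compile(rb"(?:^|[/\\])(?:cmd|root)\.exe$", re.I)

def canonicalize(stem: str, rounds: int = 4) -> bytes:
    """Undo nested percent-encoding and overlong UTF-8 until the path is stable."""
    raw = stem.encode("latin-1", "replace")
    for _ in range(rounds):
        decoded = unquote_to_bytes(raw)
        decoded = OVERLONG.sub(
            lambda m: bytes([((m[1][0] & 0x1F) << 6) | (m[2][0] & 0x3F)]), decoded)
        if decoded == raw:
            break
        raw = decoded
    return raw

def classify(stem: str) -> list:
    """Return the reasons a requested path looks like one of the two vectors."""
    path = canonicalize(stem)
    reasons = []
    if TRAVERSAL.search(path):
        reasons.append("directory-traversal")
    if SHELLS.search(path):
        reasons.append("command-interpreter")
    return reasons

def scan(log_text: str) -> list:
    """Yield (client IP, requested path, reasons) for every suspicious request."""
    cols, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            cols = line.split()[1:]          # column order is declared by the log itself
        elif line and not line.startswith("#") and cols:
            rec = dict(zip(cols, line.split()))
            reasons = classify(rec.get("cs-uri-stem", ""))
            if reasons:
                hits.append((rec.get("c-ip"), rec["cs-uri-stem"], reasons))
    return hits

if __name__ == "__main__":
    for ip, stem, reasons in scan(SAMPLE_LOG):
        print(ip, stem, ",".join(reasons))
```

Canonicalizing before matching is the point: a filter that checks the path after only one decoding pass misses the double-encoded and overlong separators.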