Nimda

Nimda Virus
Technical name	Avast: Win32:Nimda; Avira: W32/Nimda.eml; BitDefender: Win32.Nimda.A@mm; ClamAV: W32.Nimda.eml; Eset: Win32/Nimda.A; Grisoft: I-Worm/Nimda; Kaspersky: Net-Worm.Win32.Nimda or I-Worm.Nimda; McAfee: Exploit-MIME.gen.ex; Sophos: W32/Nimda-A; Symantec: W32.Nimda.A@mm
Type	Multi-vector worm
Point of origin	China (alleged)
Author(s)	Multiple authors; one serving prison time
Operating system(s) affected	Windows 95 – XP
Written in	C++

Nimda is a malicious file-infecting computer worm. It quickly spread, surpassing the economic damage caused by previous outbreaks such as Code Red.

The first released advisory about this thread (worm) was released on September 18, 2001.^[3] Due to the release date, exactly one week after the attacks on the World Trade Center and Pentagon, some media quickly began speculating a link between the virus and Al Qaeda, though this theory ended up proving unfounded.^{[citation needed]}

Nimda affected both user workstations (clients) running Windows 95, 98, NT, 2000, or XP and servers running Windows NT and 2000.^[3]

The worm's name comes from the reversed spelling of "admin".^{[citation needed]}

F-Secure found the text "Concept Virus(CV) V.5, Copyright(C)2001 R.P.China" in the Nimda code, suggesting its country of origin. However, they also noted that a computer in Canada was responsible for an October 11, 2001 release of infected emails alleging to be from Mikko Hyppönen and Data Fellows (F-Secure's previous name).^[4]

Methods of infection[]

Nimda was so effective partially because it—unlike other infamous malware like Code Red—uses five different infection vectors:

Email
Open network shares
Browsing of compromised web sites
Exploitation of various Internet Information Services (IIS) 4.0 / 5.0 directory traversal vulnerabilities. (Both Code Red and Nimda were hugely successful exploiting well known and long solved vulnerabilities in the Microsoft IIS Server.^[5])
Back doors left behind by the "Code Red II" and "sadmind/IIS" worms.^[6]

References[]

^ "Ten years on from Nimda". TheRegister.com. September 17, 2011. Retrieved October 27, 2020.
^ "Information about the Network Worm "Nimda"". Kaspersky Lab. Kaspersky.com. September 18, 2001. Archived from the original on August 7, 2016. Retrieved June 4, 2016.
^ Jump up to: ^a ^b "CA-2001-26: Nimda Worm". CERT Coordination Center. Carnegie Mellon University. September 18, 2001. Archived from the original on February 26, 2014.
^ "Net-Worm: W32/Nimda Description". F-Secure Labs. F-secure.com. Retrieved June 4, 2016.
^ "Kurt Seifried - LASG / Introduction to security". Seifried.org. Retrieved June 4, 2016.
^ Chen, Thomas M.; Robert, Jean-Marc. Statistical Methods in Computer Security. 9780429131615.CS1 maint: location (link)

External links[]

[1] "Ten years on from Nimda". TheRegister.com. September 17, 2011. Retrieved October 27, 2020.

[2] "Information about the Network Worm "Nimda"". Kaspersky Lab. Kaspersky.com. September 18, 2001. Archived from the original on August 7, 2016. Retrieved June 4, 2016.

[cert-3] Jump up to: ^a ^b "CA-2001-26: Nimda Worm". CERT Coordination Center. Carnegie Mellon University. September 18, 2001. Archived from the original on February 26, 2014.

[4] "Net-Worm: W32/Nimda Description". F-Secure Labs. F-secure.com. Retrieved June 4, 2016.

[5] "Kurt Seifried - LASG / Introduction to security". Seifried.org. Retrieved June 4, 2016.

[6] Chen, Thomas M.; Robert, Jean-Marc. Statistical Methods in Computer Security. 9780429131615.CS1 maint: location (link)

[1]

[2]

[3]

[4]

[5]

[6]

Nimda

Contents

Methods of infection[]

See also[]

References[]

External links[]

Technical name	Avast: Win32:Nimda Avira: W32/Nimda.eml BitDefender: Win32.Nimda.A@mm ClamAV: W32.Nimda.eml Eset: Win32/Nimda.A Grisoft: I-Worm/Nimda Kaspersky: Net-Worm.Win32.Nimda or I-Worm.Nimda McAfee: Exploit-MIME.gen.ex Sophos: W32/Nimda-A Symantec: W32.Nimda.A@mm
Type	Multi-vector worm
Point of origin	China (alleged)
Author(s)	Multiple authors; one serving prison time ^[1]
Operating system(s) affected	Windows 95 – XP
Written in	C++^[2]