| Technical name | Avast: Win32:Nimda Avira: W32/Nimda.eml BitDefender: Win32.Nimda.A@mm ClamAV: W32.Nimda.eml Eset: Win32/Nimda.A Grisoft: I-Worm/Nimda Kaspersky: Net-Worm.Win32.Nimda or I-Worm.Nimda McAfee: Exploit-MIME.gen.ex Sophos: W32/Nimda-A Symantec: W32.Nimda.A@mm |
|---|---|
| Type | Multi-vector worm |
| Point of origin | China (alleged) |
| Author(s) | Multiple authors; one serving prison time[1] |
| Operating system(s) affected | Windows 95 – XP |
| Written in | C++[2] |
The Nimda virus is a malicious file-infecting computer worm. It quickly spread, surpassing the economic damage[citation needed] caused by previous outbreaks such as Code Red.
The first released advisory about this threat (worm) was released on September 18, 2001.[3] Due to the release date, exactly one week after the attacks on the World Trade Center and Pentagon, some media quickly began speculating a link between the virus and Al Qaeda, though this theory ended up proving unfounded.[citation needed]
Nimda affected both user workstations (clients) running Windows 95, 98, NT, 2000, or XP and servers running Windows NT and 2000.[3]
The worm's name comes from the reversed spelling of "admin".[1]
F-Secure found the text "Concept Virus(CV) V.5, Copyright(C)2001 R.P.China" in the Nimda code, suggesting its country of origin. However, they also noted that a computer in Canada was responsible for an October 11, 2001 release of infected emails alleging to be from Mikko Hyppönen and Data Fellows (F-Secure's previous name).[4]
YouTube Encyclopedic
-
1/3Views:5 246 26221 1121 383
-
Comparison: Computer Viruses
-
Computer Virus // 11 Most Dangerous & Lethal Viruses Ever!
-
The virus THAT almost killed the internet- The Code Red Worm
Transcription
Methods of infection
Nimda proved effective partially because it—unlike other infamous malware like Code Red—uses five different infection vectors:
- Open network shares
- Browsing of compromised web sites
- Exploitation of various Internet Information Services (IIS) 4.0 / 5.0 directory traversal vulnerabilities. (Both Code Red and Nimda were hugely successful exploiting well known and long solved vulnerabilities in the Microsoft IIS Server.[5])
- Back doors left behind by the "Code Red II" and "sadmind/IIS" worms.[6]
See also
References
- ^ a b "Ten years on from Nimda". TheRegister.com. September 17, 2011. Retrieved October 27, 2020.
- ^ "Information about the Network Worm "Nimda"". Kaspersky Lab. Kaspersky.com. September 18, 2001. Archived from the original on August 7, 2016. Retrieved June 4, 2016.
- ^ a b "CA-2001-26: Nimda Worm". CERT Coordination Center. Carnegie Mellon University. September 18, 2001. Archived from the original on February 26, 2014.
- ^ "Net-Worm: W32/Nimda Description". F-Secure Labs. F-secure.com. Retrieved June 4, 2016.
- ^ "Kurt Seifried - LASG / Introduction to security". Seifried.org. Retrieved June 4, 2016.
- ^ Chen, Thomas M.; Robert, Jean-Marc (2004). "The Evolution of Viruses and Worms". In Chen, William W.S (ed.). Statistical Methods in Computer Security. doi:10.1201/9781420030884. ISBN 9780429131615.
External links
This page was last edited on 30 May 2024, at 20:56