The Nimda virus is a malicious file-infecting computer worm. It quickly spread, surpassing the economic damage caused by previous outbreaks such as Code Red.
The first advisory about this threat (worm) was released on September 18, 2001.
Due to the release date, exactly one week after the attacks on the World Trade Center and Pentagon, some media quickly began speculating a link between the virus and Al Qaeda, though this theory ended up proving unfounded.
Nimda affected both user workstations (clients) running Windows 95, 98, NT, 2000, or XP and servers running Windows NT and 2000.
The worm's name comes from the reversed spelling of "admin".
F-Secure found the text "Concept Virus(CV) V.5, Copyright(C)2001 R.P.China" in the Nimda code, suggesting its country of origin. However, they also noted that a computer in Canada was responsible for an October 11, 2001 release of infected emails alleging to be from Mikko Hyppönen and Data Fellows (F-Secure's previous name).
Methods of infection
Nimda proved effective partially because, unlike other infamous malware like Code Red, it uses five different infection vectors:
* Email
* Open network shares
* Browsing of compromised web sites
* Exploitation of various Internet Information Services (IIS) 4.0 / 5.0 directory traversal vulnerabilities. (Both Code Red and Nimda were hugely successful exploiting well-known and long-solved vulnerabilities in the Microsoft IIS Server.)
* Back doors left behind by the "Code Red II" and "sadmind/IIS" worms.
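A defender's check for the last two vectors in the list above, as an added example that is not part of the original article: it decodes each requested path leniently (repeated percent-decoding, overlong two-byte UTF-8), since that lenient decoding is what let encoded traversal requests through on unpatched IIS, then flags traversal segments and requests for the `root.exe` shell copy left by Code Red II. The log layout, function names and sample lines are constructed for illustration; the `root.exe` name and the encoded separators come from public reporting on these worms, not from this article.

```python
import re
from urllib.parse import unquote

# Overlong 2-byte UTF-8 (lead byte C0/C1), e.g. %c0%af -> "/", %c1%9c -> "\".
_OVERLONG = re.compile(r"%c([01])%([0-9a-f]{2})", re.I)
_REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed lines using documentation-range addresses
    '192.0.2.7 - - [18/Sep/2001:13:40:01 +0000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -',
    '192.0.2.7 - - [18/Sep/2001:13:40:02 +0000] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -',
    '192.0.2.7 - - [18/Sep/2001:13:40:03 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 -',
    '198.51.100.20 - - [18/Sep/2001:13:41:10 +0000] "GET /products/index.html HTTP/1.1" 200 5120',
]

def _overlong(match):
    # Decode the way a non-validating UTF-8 decoder would.
    return chr((int(match.group(1)) << 6) | (int(match.group(2), 16) & 0x3F))

def normalize(path, max_passes=5):
    """Decode until stable so double-encoded separators are fully unwrapped."""
    for _ in range(max_passes):
        decoded = unquote(_OVERLONG.sub(_overlong, path), encoding="latin-1")
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/").lower()

def _has_dotdot(path):
    return ".." in path.replace("\\", "/").split("/")

def classify(log_line):
    """Return the set of findings for one access-log line (empty set = clean)."""
    m = _REQUEST.search(log_line)
    if not m:
        return set()
    raw_path = m.group(1).split("?", 1)[0]
    path = normalize(raw_path)
    findings = set()
    if _has_dotdot(path):
        # The ".." segment only appears after decoding when separators were encoded.
        findings.add("traversal" if _has_dotdot(raw_path) else "encoded-traversal")
    if path.endswith("/root.exe"):
        findings.add("code-red-ii-backdoor-probe")
    return findings

def scan(lines):
    """Return (line_number, findings) for every flagged line."""
    return [(n, f) for n, f in ((i + 1, classify(l)) for i, l in enumerate(lines)) if f]

if __name__ == "__main__":
    for line_no, findings in scan(SAMPLE_LOG):
        print(line_no, sorted(findings))
```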
See also
* Mixed threat attack
* Timeline of notable computer viruses and worms
External links
* CERT advisory on Nimda
* Antivirus vendor F-Secure's info on Nimda