Nimda
   HOME

TheInfoList



Click Here for Items Related To - Nimda
OR:
Nimda on:   [Wikipedia]   [Google]   [Amazon]

The Nimda virus is a malicious file-infecting computer worm. It quickly spread, surpassing the economic damage caused by previous outbreaks such as Code Red. The first released advisory about this thread (worm) was released on September 18, 2001. Due to the release date, exactly one week after the attacks on the World Trade Center and Pentagon, some media quickly began speculating a link between the virus and Al Qaeda, though this theory ended up proving unfounded. Nimda affected both user workstations ( clients) running
Windows 95 Windows 95 is a consumer-oriented operating system developed by Microsoft as part of its Windows 9x family of operating systems. The first operating system in the 9x family, it is the successor to Windows 3.1x, and was released to manufacturi ...
, 98, NT,
2000 File:2000 Events Collage.png, From left, clockwise: Protests against Bush v. Gore after the 2000 United States presidential election; Heads of state meet for the Millennium Summit; The International Space Station in its infant form as seen from S ...
, or XP and
server Server may refer to: Computing *Server (computing), a computer program or a device that provides functionality for other programs or devices, called clients Role * Waiting staff, those who work at a restaurant or a bar attending customers and su ...
s running Windows NT and 2000. The worm's name comes from the reversed spelling of "
admin Administrator or admin may refer to: Job roles Computing and internet * Database administrator, a person who is responsible for the environmental aspects of a database * Forum administrator, one who oversees discussions on an Internet forum * ...
".
F-Secure F-Secure Corporation is a global cyber security and privacy company, which has its headquarters in Helsinki, Finland. The company has offices in Denmark, Finland, France, Germany, India, Italy, Japan, Malaysia, Netherlands, Norway, Poland, Sweden, ...
found the text "Concept Virus(CV) V.5, Copyright(C)2001 R.P.China" in the Nimda code, suggesting its country of origin. However, they also noted that a computer in Canada was responsible for an October 11, 2001 release of infected emails alleging to be from
Mikko Hyppönen Mikko Hermanni Hyppönen (; born 13 October 1969) is a Finnish computer security expert, speaker and author. He is known for the Hyppönen Law about IoT security, which states that whenever an appliance is described as being "smart", it is vulner ...
and Data Fellows (F-Secure's previous name).


Methods of infection

Nimda proved effective partially because it—unlike other infamous malware like Code Red—uses five different infection vectors: *
Email Electronic mail (email or e-mail) is a method of exchanging messages ("mail") between people using electronic devices. Email was thus conceived as the electronic ( digital) version of, or counterpart to, mail, at a time when "mail" mean ...
* Open network shares * Browsing of compromised
web sites A website (also written as a web site) is a collection of web pages and related content that is identified by a common domain name and published on at least one web server. Examples of notable websites are Google, Facebook, Amazon, and Wikip ...
*
Exploitation Exploitation may refer to: *Exploitation of natural resources *Exploitation of labour ** Forced labour *Exploitation colonialism *Slavery ** Sexual slavery and other forms *Oppression *Psychological manipulation In arts and entertainment *Exploi ...
of various
Internet Information Services Internet Information Services (IIS-pronounced 2S, formerly Internet Information Server) is an extensible web server software created by Microsoft for use with the Windows NT family. IIS supports HTTP, HTTP/2, HTTPS, FTP, FTPS, SMTP and NN ...
(IIS) 4.0 / 5.0 directory traversal vulnerabilities. (Both Code Red and Nimda were hugely successful exploiting well known and long solved vulnerabilities in the Microsoft IIS Server.) * Back doors left behind by the "Code Red II" and " sadmind/IIS" worms.


See also

* Mixed threat attack *
Timeline of notable computer viruses and worms A timeline is a display of a list of events in chronological order. It is typically a graphic design showing a long bar labelled with dates paralleling it, and usually contemporaneous events. Timelines can use any suitable scale representi ...


References


External links


Cert advisory on Nimda

Antivirus vendor F-Secure's info on Nimda
{{Hacking in the 2000s Exploit-based worms Windows file viruses Hacking in the 2000s 2001 in computing