Nimda

The Nimda virus is a malicious file-infecting computer worm. The first advisory about this worm was released on September 18, 2001. Nimda affected both user workstations (clients) running Windows 95, 98, NT, 2000, or XP and servers running Windows NT and 2000. The worm's name comes from the reversed spelling of "admin". F-Secure found the text "Concept Virus(CV) V.5, Copyright(C)2001 R.P.China" in the Nimda code, suggesting its country of origin. However, they also noted that a computer in Canada was responsible for an October 11, 2001 release of infected emails purporting to be from Mikko Hyppönen and Data Fellows (F-Secure's previous name).


Methods of infection

Nimda proved effective partially because it, unlike other infamous malware like Code Red, uses five different infection vectors:

* Email
* Open network shares
* Browsing of compromised web sites
* Exploitation of various Internet Information Services (IIS) 4.0 / 5.0 directory traversal vulnerabilities. (Both Code Red and Nimda were hugely successful in exploiting well-known and long-solved vulnerabilities in the Microsoft IIS Server.)
* Back doors left behind by the "Code Red II" and "sadmind/IIS" worms.


See also

* Mixed threat attack
* Timeline of notable computer viruses and worms


External links


* CERT advisory on Nimda
* Antivirus vendor F-Secure's info on Nimda