Nimda (computer worm)
The Nimda virus is a malicious file-infecting computer worm. The first advisory about this worm was released on September 18, 2001. Nimda affected both user workstations (clients) running Windows 95, 98, NT, 2000, or XP and servers running Windows NT and 2000. The worm's name comes from the reversed spelling of "admin".

F-Secure found the text "Concept Virus(CV) V.5, Copyright(C)2001 R.P.China" in the Nimda code, suggesting its country of origin. However, they also noted that a computer in Canada was responsible for an October 11, 2001 release of infected emails purporting to be from Mikko Hyppönen and Data Fellows (F-Secure's previous name).


Methods of infection

Nimda proved effective partially because, unlike other infamous malware like Code Red, it uses five different infection vectors:

* Email
* Open network shares
* Browsing of compromised web sites
* Exploitation of various Internet Information Services (IIS) 4.0 / 5.0 directory traversal vulnerabilities. (Both Code Red and Nimda were hugely successful in exploiting well-known and long-solved vulnerabilities in the Microsoft IIS Server.)
* Back doors left behind by the "Code Red II" and "sadmind/IIS" worms.
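
For the directory traversal vector in the list above, a defender reviewing web server logs has to canonicalize each request path before checking it, because a path inspected before it is fully decoded can hide its ".." segments. The following Python code is an added example, not taken from the original article or from any vendor's tooling; the log format, the sample lines, and the assumption that traversal attempts arrive percent-encoded (possibly more than once) or as overlong UTF-8 are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

MAX_ROUNDS = 5  # assumption: upper bound on nested percent-encoding layers
OVERLONG = re.compile(rb"[\xc0\xc1][\x80-\xbf]")  # lead bytes C0/C1 are never valid UTF-8
SAMPLE_LOG = [  # constructed lines in a hypothetical "<client> <method> <target>" format
    "192.0.2.11 GET /docs/../images/logo.gif",
    "192.0.2.12 GET /scripts/..%255c..%255cexample.txt",
    "192.0.2.13 GET /scripts/..%c0%af..%c0%afexample.txt",
    "192.0.2.14 GET /scripts/%2e%2e/%2e%2e/example.txt?id=1",
]

def canonicalize(raw_path):
    """Percent-decode until the path stops changing; return (path, findings)."""
    data, rounds = raw_path.encode("utf-8"), 0
    for _ in range(MAX_ROUNDS):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data, rounds = decoded, rounds + 1
    findings = ["nested-percent-encoding"] if rounds > 1 else []
    # Fold overlong two-byte sequences (e.g. C0 AF) back to the ASCII byte they encode.
    data, n = OVERLONG.subn(
        lambda m: bytes([((m[0][0] & 0x1F) << 6) | (m[0][1] & 0x3F)]), data)
    if n:
        findings.append("overlong-utf8")
    # Treat backslash as a separator, as Windows path handling does.
    return data.decode("utf-8", "replace").replace("\\", "/"), findings

def escapes_root(path):
    """True if '..' segments climb above the directory the path starts in."""
    depth = 0
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        depth += -1 if seg == ".." else 1
        if depth < 0:
            return True
    return False

def scan(lines):
    """Return [(client, reasons)] for requests that warrant analyst review."""
    flagged = []
    for line in lines:
        client, _method, target = line.split(" ", 2)
        path, reasons = canonicalize(target.split("?", 1)[0])  # drop the query string
        reasons += ["escapes-web-root"] if escapes_root(path) else []
        if reasons:
            flagged.append((client, reasons))
    return flagged
```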


See also

* Mixed threat attack
* Timeline of notable computer viruses and worms


External links


* CERT advisory on Nimda
* Antivirus vendor F-Secure's info on Nimda