Nimda: Difference between revisions
→Methods of infection: vice "was so" |
The sub topic heading |
||
Line 17: | Line 17: | ||
| Language = C++<ref>{{cite web|url=http://www.kaspersky.com/about/news/virus/2001/Information_about_the_Network_Worm_Nimda_|title=Information about the Network Worm "Nimda"|work=Kaspersky Lab|publisher=Kaspersky.com|date=September 18, 2001|access-date=June 4, 2016|archive-url=https://web.archive.org/web/20160807233000/http://www.kaspersky.com/about/news/virus/2001/Information_about_the_Network_Worm_Nimda_|archive-date=August 7, 2016}}</ref> |
| Language = C++<ref>{{cite web|url=http://www.kaspersky.com/about/news/virus/2001/Information_about_the_Network_Worm_Nimda_|title=Information about the Network Worm "Nimda"|work=Kaspersky Lab|publisher=Kaspersky.com|date=September 18, 2001|access-date=June 4, 2016|archive-url=https://web.archive.org/web/20160807233000/http://www.kaspersky.com/about/news/virus/2001/Information_about_the_Network_Worm_Nimda_|archive-date=August 7, 2016}}</ref> |
||
}} |
}} |
||
'''Nimda''' is a malicious file-infecting [[computer worm]]. It quickly spread, surpassing the economic damage{{cn|date=November 2022}} caused by previous outbreaks such as [[Code Red (computer worm)|Code Red]]. |
'''<u>The Nimda virus</u>''' is a malicious file-infecting [[computer worm]]. It quickly spread, surpassing the economic damage{{cn|date=November 2022}} caused by previous outbreaks such as [[Code Red (computer worm)|Code Red]]. |
||
The first released advisory about this thread (worm) was released on September 18, 2001.<ref name=cert>{{cite web|url=https://www.cert.org/historical/advisories/CA-2001-26.cfm|title=CA-2001-26: Nimda Worm|website=[[CERT Coordination Center]]|publisher=[[Carnegie Mellon University]]|date=September 18, 2001|archive-url=https://web.archive.org/web/20140226175440/https://www.cert.org/historical/advisories/CA-2001-26.cfm|archive-date=February 26, 2014|url-status=dead}}</ref> Due to the release date, exactly one week after the [[September 11 attacks|attacks on the World Trade Center and Pentagon]], some media quickly began speculating a link between the virus and [[Al Qaeda]], though this theory ended up proving unfounded.{{cn|date=May 2021}} |
The first released advisory about this thread (worm) was released on September 18, 2001.<ref name=cert>{{cite web|url=https://www.cert.org/historical/advisories/CA-2001-26.cfm|title=CA-2001-26: Nimda Worm|website=[[CERT Coordination Center]]|publisher=[[Carnegie Mellon University]]|date=September 18, 2001|archive-url=https://web.archive.org/web/20140226175440/https://www.cert.org/historical/advisories/CA-2001-26.cfm|archive-date=February 26, 2014|url-status=dead}}</ref> Due to the release date, exactly one week after the [[September 11 attacks|attacks on the World Trade Center and Pentagon]], some media quickly began speculating a link between the virus and [[Al Qaeda]], though this theory ended up proving unfounded.{{cn|date=May 2021}} |
Revision as of 15:16, 5 December 2022
Nimda | |
---|---|
Technical name | Avast: Win32:Nimda Avira: W32/Nimda.eml BitDefender: Win32.Nimda.A@mm ClamAV: W32.Nimda.eml Eset: Win32/Nimda.A Grisoft: I-Worm/Nimda Kaspersky: Net-Worm.Win32.Nimda or I-Worm.Nimda McAfee: Exploit-MIME.gen.ex Sophos: W32/Nimda-A Symantec: W32.Nimda.A@mm |
Type | Multi-vector worm |
Origin | China (alleged) |
Authors | Multiple authors; one serving prison time [1] |
Technical details | |
Platform | Windows 95 – XP |
Written in | C++[2] |
The Nimda virus is a malicious file-infecting computer worm. It quickly spread, surpassing the economic damage[citation needed] caused by previous outbreaks such as Code Red.
The first released advisory about this thread (worm) was released on September 18, 2001.[3] Due to the release date, exactly one week after the attacks on the World Trade Center and Pentagon, some media quickly began speculating a link between the virus and Al Qaeda, though this theory ended up proving unfounded.[citation needed]
Nimda affected both user workstations (clients) running Windows 95, 98, NT, 2000, or XP and servers running Windows NT and 2000.[3]
The worm's name comes from the reversed spelling of "admin".[citation needed]
F-Secure found the text "Concept Virus(CV) V.5, Copyright(C)2001 R.P.China" in the Nimda code, suggesting its country of origin. However, they also noted that a computer in Canada was responsible for an October 11, 2001 release of infected emails alleging to be from Mikko Hyppönen and Data Fellows (F-Secure's previous name).[4]
Methods of infection
Nimda proved effective partially because it—unlike other infamous malware like Code Red—uses five different infection vectors:
- Open network shares
- Browsing of compromised web sites
- Exploitation of various Internet Information Services (IIS) 4.0 / 5.0 directory traversal vulnerabilities. (Both Code Red and Nimda were hugely successful exploiting well known and long solved vulnerabilities in the Microsoft IIS Server.[5])
- Back doors left behind by the "Code Red II" and "sadmind/IIS" worms.[6]
See also
References
- ^ "Ten years on from Nimda". TheRegister.com. September 17, 2011. Retrieved October 27, 2020.
- ^ "Information about the Network Worm "Nimda"". Kaspersky Lab. Kaspersky.com. September 18, 2001. Archived from the original on August 7, 2016. Retrieved June 4, 2016.
- ^ a b "CA-2001-26: Nimda Worm". CERT Coordination Center. Carnegie Mellon University. September 18, 2001. Archived from the original on February 26, 2014.
- ^ "Net-Worm: W32/Nimda Description". F-Secure Labs. F-secure.com. Retrieved June 4, 2016.
- ^ "Kurt Seifried - LASG / Introduction to security". Seifried.org. Retrieved June 4, 2016.
- ^ Chen, Thomas M.; Robert, Jean-Marc (2004). "The Evolution of Viruses and Worms". In Chen, William W.S (ed.). Statistical Methods in Computer Security. doi:10.1201/9781420030884. ISBN 9780429131615.