Nimda: Difference between revisions

Nimda
Nimda
Technical name	Avast: Win32:Nimda; Avira: W32/Nimda.eml; BitDefender: Win32.Nimda.A@mm; ClamAV: W32.Nimda.eml; Eset: Win32/Nimda.A; Grisoft: I-Worm/Nimda; Kaspersky: Net-Worm.Win32.Nimda or I-Worm.Nimda; McAfee: Exploit-MIME.gen.ex; Sophos: W32/Nimda-A; Symantec: W32.Nimda.A@mm
Type	Multi-vector worm
Origin	China (alleged)
Authors	Multiple authors; one serving prison time
Technical details
Platform	Windows 95 – XP
Written in	C++

Browse history interactively

← Previous edit Next edit →

Content deleted Content added

VisualWikitext

Inline

Revision as of 06:54, 26 September 2024

Internet history timeline

Early research and development:

1960–4 (1960–4): RAND networking concepts developed
1962–4 (1962–4): ARPA networking ideas
1965 (1965): NPL network concepts conceived
1966 (1966): Merit Network founded
1967 (1967): ARPANET planning begins
1967 (1967): Symposium on Operating Systems Principles
1969 (1969): NPL followed by the ARPANET carry their first packets
1970 (1970): Network Information Center (NIC)
1971 (1971): Tymnet switched-circuit network
1972 (1972): Merit Network's packet-switched network operational
1972 (1972): Internet Assigned Numbers Authority (IANA) established
1973 (1973): CYCLADES network demonstrated
1973 (1973): PARC Universal Packet development begins
1974 (1974): Transmission Control Program specification published
1975 (1975): Telenet commercial packet-switched network
1976 (1976): X.25 protocol approved and deployed on public data networks
1978 (1978): Minitel introduced
1979 (1979): Internet Activities Board (IAB)
1980 (1980): USENET news using UUCP
1980 (1980): Ethernet standard introduced
1981 (1981): BITNET established

Merging the networks and creating the Internet:

1981 (1981): Computer Science Network (CSNET)
1982 (1982): TCP/IP protocol suite formalized
1982 (1982): Simple Mail Transfer Protocol (SMTP)
1983 (1983): Domain Name System (DNS)
1983 (1983): MILNET split off from ARPANET
1984 (1984): OSI Reference Model released
1985 (1985): First .COM domain name registered
1986 (1986): NSFNET with 56 kbit/s links
1986 (1986): Internet Engineering Task Force (IETF)
1987 (1987): UUNET founded
1988 (1988): NSFNET upgraded to 1.5 Mbit/s (T1)
1988 (1988): Morris worm
1988 (1988): Complete Internet protocol suite
1989 (1989): Border Gateway Protocol (BGP)
1989 (1989): PSINet founded, allows commercial traffic
1989 (1989): Federal Internet Exchanges (FIX East|FIXes)
1990 (1990): GOSIP (without TCP/IP)
1990 (1990): ARPANET decommissioned
1990 (1990): Advanced Network and Services (ANS)
1990 (1990): UUNET/Alternet allows commercial traffic
1990 (1990): Archie search engine
1991 (1991): Wide area information server (WAIS)
1991 (1991): Gopher
1991 (1991): Commercial Internet eXchange (CIX)
1991 (1991): ANS CO+RE allows commercial traffic
1991 (1991): World Wide Web (WWW)
1992 (1992): NSFNET upgraded to 45 Mbit/s (T3)
1992 (1992): Internet Society (ISOC) established
1993 (1993): Classless Inter-Domain Routing (CIDR)
1993 (1993): InterNIC established
1993 (1993): AOL added USENET access
1993 (1993): Mosaic web browser released
1994 (1994): Full text web search engines
1994 (1994): North American Network Operators' Group (NANOG) established

Commercialization, privatization, broader access leads to the modern Internet:

1995 (1995): New Internet architecture with commercial ISPs connected at NAPs
1995 (1995): NSFNET decommissioned
1995 (1995): GOSIP updated to allow TCP/IP
1995 (1995): very high-speed Backbone Network Service (vBNS)
1995 (1995): IPv6 proposed
1996 (1996): AOL changes pricing model from hourly to monthly
1998 (1998): Internet Corporation for Assigned Names and Numbers (ICANN)
1999 (1999): IEEE 802.11b wireless networking
1999 (1999): Internet2/Abilene Network
1999 (1999): vBNS+ allows broader access
2000 (2000): Dot-com bubble bursts
2001 (2001): New top-level domain names activated
2001 (2001): Code Red I, Code Red II, and Nimda worms
2003 (2003): UN World Summit on the Information Society (WSIS) phase I

2003 (2003): National LambdaRail founded
2004 (2004): UN Working Group on Internet Governance (WGIG)
2005 (2005): UN WSIS phase II
2006 (2006): First meeting of the Internet Governance Forum
2010 (2010): First internationalized country code top-level domains registered
2012 (2012): ICANN begins accepting applications for new generic top-level domain names
2013 (2013): Montevideo Statement on the Future of Internet Cooperation
2014 (2014): NetMundial international Internet governance proposal
2016 (2016): ICANN contract with U.S. Dept. of Commerce ends, IANA oversight passes to the global Internet community on October 1st

Examples of Internet services:

1989 (1989): AOL dial-up service provider, email, instant messaging, and web browser
1990 (1990): IMDb Internet movie database
1994 (1994): Yahoo! web directory
1995 (1995): Amazon online retailer
1995 (1995): eBay online auction and shopping
1995 (1995): Craigslist classified advertisements
1995 (1995): AltaVista search engine
1996 (1996): Outlook (formerly Hotmail) free web-based e-mail
1996 (1996): RankDex search engine
1997 (1997): Google Search
1997 (1997): Babel Fish automatic translation
1998 (1998): Yahoo Groups (formerly Yahoo! Clubs)
1998 (1998): PayPal Internet payment system
1998 (1998): Rotten Tomatoes review aggregator
1999 (1999): 2ch Anonymous textboard
1999 (1999): i-mode mobile internet service
1999 (1999): Napster peer-to-peer file sharing
2000 (2000): Baidu search engine
2001 (2001): 2chan Anonymous imageboard
2001 (2001): BitTorrent peer-to-peer file sharing
2001 (2001): Wikipedia, the free encyclopedia
2003 (2003): LinkedIn business networking
2003 (2003): Myspace social networking site
2003 (2003): Skype Internet voice calls
2003 (2003): iTunes Store
2003 (2003): 4chan Anonymous imageboard
2003 (2003): The Pirate Bay, torrent file host
2004 (2004): Facebook social networking site
2004 (2004): Podcast media file series
2004 (2004): Flickr image hosting
2005 (2005): YouTube video sharing
2005 (2005): Reddit link voting
2005 (2005): Google Earth virtual globe
2006 (2006): Twitter microblogging
2007 (2007): WikiLeaks anonymous news and information leaks
2007 (2007): Google Street View
2007 (2007): Kindle, e-reader and virtual bookshop
2008 (2008): Amazon Elastic Compute Cloud (EC2)
2008 (2008): Dropbox cloud-based file hosting
2008 (2008): Encyclopedia of Life, a collaborative encyclopedia intended to document all living species
2008 (2008): Spotify, a DRM-based music streaming service
2009 (2009): Bing search engine
2009 (2009): Google Docs, Web-based word processor, spreadsheet, presentation, form, and data storage service
2009 (2009): Kickstarter, a threshold pledge system
2009 (2009): Bitcoin, a digital currency
2010 (2010): Instagram, photo sharing and social networking
2011 (2011): Google+, social networking
2011 (2011): Snapchat, photo sharing
2012 (2012): Coursera, massive open online courses
2016 (2016): TikTok, video sharing and social networking

The Nimda virus is a malicious file-infecting computer worm.

The first released advisory about this threat (worm) was released on September 18, 2001.

Nimda affected both user workstations (clients) running Windows 95, 98, NT, 2000, or XP and servers running Windows NT and 2000.^[3]

The worm's name comes from the reversed spelling of "admin".^[1]

F-Secure found the text "Concept Virus(CV) V.5, Copyright(C)2001 R.P.China" in the Nimda code, suggesting its country of origin. However, they also noted that a computer in Canada was responsible for an October 11, 2001 release of infected emails alleging to be from Mikko Hyppönen and Data Fellows (F-Secure's previous name).^[4]

Methods of infection

Nimda proved effective partially because it—unlike other infamous malware like Code Red—uses five different infection vectors:

Email
Open network shares
Browsing of compromised web sites
Exploitation of various Internet Information Services (IIS) 4.0 / 5.0 directory traversal vulnerabilities. (Both Code Red and Nimda were hugely successful exploiting well known and long solved vulnerabilities in the Microsoft IIS Server.^[5])
Back doors left behind by the "Code Red II" and "sadmind/IIS" worms.^[6]

References

^ ^a ^b "Ten years on from Nimda". TheRegister.com. September 17, 2011. Retrieved October 27, 2020.
^ "Information about the Network Worm "Nimda"". Kaspersky Lab. Kaspersky.com. September 18, 2001. Archived from the original on August 7, 2016. Retrieved June 4, 2016.
^ "CA-2001-26: Nimda Worm". CERT Coordination Center. Carnegie Mellon University. September 18, 2001. Archived from the original on February 26, 2014.
^ "Net-Worm: W32/Nimda Description". F-Secure Labs. F-secure.com. Retrieved June 4, 2016.
^ "Kurt Seifried - LASG / Introduction to security". Seifried.org. Retrieved June 4, 2016.
^ Chen, Thomas M.; Robert, Jean-Marc (2004). "The Evolution of Viruses and Worms". In Chen, William W.S (ed.). Statistical Methods in Computer Security. doi:10.1201/9781420030884. ISBN 9780429131615.

External links

[Nimdadmin-1] "Ten years on from Nimda". TheRegister.com. September 17, 2011. Retrieved October 27, 2020.

[2] "Information about the Network Worm "Nimda"". Kaspersky Lab. Kaspersky.com. September 18, 2001. Archived from the original on August 7, 2016. Retrieved June 4, 2016.

[cert-3] "CA-2001-26: Nimda Worm". CERT Coordination Center. Carnegie Mellon University. September 18, 2001. Archived from the original on February 26, 2014.

[4] "Net-Worm: W32/Nimda Description". F-Secure Labs. F-secure.com. Retrieved June 4, 2016.

[5] "Kurt Seifried - LASG / Introduction to security". Seifried.org. Retrieved June 4, 2016.

[6] Chen, Thomas M.; Robert, Jean-Marc (2004). "The Evolution of Viruses and Worms". In Chen, William W.S (ed.). Statistical Methods in Computer Security. doi:10.1201/9781420030884. ISBN 9780429131615.

[1]

[2]

[3]

[4]

[5]

[6]

@@ Line 17: / Line 17: @@
 | Language       = C++<ref>{{cite web|url=http://www.kaspersky.com/about/news/virus/2001/Information_about_the_Network_Worm_Nimda_|title=Information about the Network Worm "Nimda"|work=Kaspersky Lab|publisher=Kaspersky.com|date=September 18, 2001|access-date=June 4, 2016|archive-url=https://web.archive.org/web/20160807233000/http://www.kaspersky.com/about/news/virus/2001/Information_about_the_Network_Worm_Nimda_|archive-date=August 7, 2016}}</ref>
 }}
+{{Internet history timeline}}
 The '''Nimda virus''' is a malicious file-infecting [[computer worm]].

Revision as of 06:54, 26 September 2024

Methods of infection

See also

References

External links