Nimda: Difference between revisions
No edit summary |
No edit summary |
||
| Line 20: | Line 20: | ||
The first released advisory about this thread (worm) was released on September 18, 2001.<ref>[https://www.cert.org/historical/advisories/CA-2001-26.cfm CERT first released an advisory on the worm on September 18, 2001]</ref> Due to the release date, exactly one week after the [[September 11 attacks|attacks on the World Trade Center and Pentagon]], some media quickly began speculating a link between the virus and [[Al Qaeda]], though this theory ended up proving unfounded. |
The first released advisory about this thread (worm) was released on September 18, 2001.<ref>[https://www.cert.org/historical/advisories/CA-2001-26.cfm CERT first released an advisory on the worm on September 18, 2001]</ref> Due to the release date, exactly one week after the [[September 11 attacks|attacks on the World Trade Center and Pentagon]], some media quickly began speculating a link between the virus and [[Al Qaeda]], though this theory ended up proving unfounded. |
||
Nimda affected both |
Nimda affected both worksurfice ([[Client (computing)|clients]]) running [[Windows 95]], [[Windows 98|98]], [[Windows NT 4.0|NT]], [[Windows 2000|2000]] or [[Windows XP|XP]] and [[Server (computing)|server]]s running Windows NT and 2000. |
||
The worm's name origin comes from the reversed spelling of "[[System administrator|admin]]". |
The worm's name origin comes from the reversed spelling of "[[System administrator|admin]]". |
||
Revision as of 08:38, 18 October 2017
| Nimda | |
|---|---|
| Technical name | Avast: Win32:Nimda Avira: W32/Nimda.eml BitDefender: Win32.Nimda.A@mm ClamAV: W32.Nimda.eml Eset: Win32/Nimda.A Grisoft: I-Worm/Nimda Kaspersky: Net-Worm.Win32.Nimda or I-Worm.Nimda McAfee: Exploit-MIME.gen.ex Sophos: W32/Nimda-A Symantec: W32.Nimda.A@mm |
| Type | Multi-vector worm |
| Origin | China (alleged) |
| Authors | Multiple authors; one serving prison time |
| Technical details | |
| Platform | Windows 95 – XP |
| Written in | C++[1] |
Nimda is a malicious file infecting computer worm. It quickly spread, surpassing the economic damage caused by previous outbreaks such as Code Red.
The first released advisory about this thread (worm) was released on September 18, 2001.[2] Due to the release date, exactly one week after the attacks on the World Trade Center and Pentagon, some media quickly began speculating a link between the virus and Al Qaeda, though this theory ended up proving unfounded.
Nimda affected both worksurfice (clients) running Windows 95, 98, NT, 2000 or XP and servers running Windows NT and 2000.
The worm's name origin comes from the reversed spelling of "admin".
F-Secure found the text[3] "Concept Virus(CV) V.5, Copyright(C)2001 R.P.China" in the Nimda code, suggesting its country of origin.
Methods of infection
Nimda was so effective partially because it—unlike other infamous malware like the Morris worm or Code Red—uses five different infection vectors:
- Open network shares
- Browsing of compromised web sites
- exploitation of various Internet Information Services (IIS) 4.0 / 5.0 directory traversal vulnerabilities. (Both Code Red and Nimda were hugely successful exploiting well known and long solved vulnerabilities in the Microsoft IIS Server.[4])
- Back doors left behind by the "Code Red II" and "sadmind/IIS" worms.
See also
References
- ^ "Information about the Network Worm "Nimda" | Kaspersky Lab". Kaspersky.com. 2001-09-18. Retrieved 2016-06-04.
- ^ CERT first released an advisory on the worm on September 18, 2001
- ^ "Net-Worm: W32/Nimda Description | F-Secure Labs". F-secure.com. Retrieved 2016-06-04.
- ^ "Kurt Seifried - LASG / Introduction to security". Seifried.org. Retrieved 2016-06-04.