Nimda: Difference between revisions

Nimda
Nimda
Technical name	Avast: Win32:Nimda; Avira: W32/Nimda.eml; BitDefender: Win32.Nimda.A@mm; ClamAV: W32.Nimda.eml; Eset: Win32/Nimda.A; Grisoft: I-Worm/Nimda; Kaspersky: Net-Worm.Win32.Nimda or I-Worm.Nimda; McAfee: Exploit-MIME.gen.ex; Sophos: W32/Nimda-A; Symantec: W32.Nimda.A@mm
Type	Multi-vector worm
Origin	China (alleged)
Authors	Multiple authors; one serving prison time
Technical details
Platform	Windows 95 – XP
Written in	C++

Browse history interactively

← Previous edit Next edit →

Content deleted Content added

VisualWikitext

Inline

Revision as of 16:39, 12 June 2019

Nimda is a malicious file infecting computer worm. It quickly spread, surpassing the economic damage caused by previous outbreaks such as Code Red. The first released advisory about this thread (worm) was released on September 18, 2001.^[2] Due to the release date, exactly one week after the attacks on the World Trade Center and Pentagon, some media quickly began speculating a link between the virus and Al Qaeda, though this theory ended up proving unfounded.

Nimda affected both user workstations (clients) running Windows 95, 98, NT, 2000 or XP and servers running Windows NT and 2000.

The worm's name origin comes from the reversed spelling of "admin".

Methods of infection

Nimda was so effective partially because it—unlike other infamous malware like the Morris worm or Code Red—uses five different infection vectors:

Email
Open network shares
Browsing of compromised web sites
exploitation of various Internet Information Services (IIS) 4.0 / 5.0 directory traversal vulnerabilities. (Both Code Red and Nimda were hugely successful exploiting well known and long solved vulnerabilities in the Microsoft IIS Server.^[4])
Back doors left behind by the "Code Red II" and "sadmind/IIS" worms.

References

^ "Information". Kaspersky.com. 2001-09-18. Archived from the original on August 7, 2016. Retrieved 2016-06-04. {{cite web}}: Unknown parameter |oficina= ignored (help)
^ CERT first released an advisory on the worm on September 18, 2001
^ "Net-Worm: W32/Nimda Description | F-Secure Labs". F-secure.com. Retrieved 2016-06-04.
^ "Kurt Seifried - LASG / Introduction to security". Seifried.org. Retrieved 2016-06-04.

External links

[1] "Information". Kaspersky.com. 2001-09-18. Archived from the original on August 7, 2016. Retrieved 2016-06-04. {{cite web}}: Unknown parameter |oficina= ignored (help)

[2] CERT first released an advisory on the worm on September 18, 2001

[3] "Net-Worm: W32/Nimda Description | F-Secure Labs". F-secure.com. Retrieved 2016-06-04.

[4] "Kurt Seifried - LASG / Introduction to security". Seifried.org. Retrieved 2016-06-04.

[1]

[2]

[3]

[4]

@@ Line 18: / Line 18: @@
 about the Network Worm "Nimda" &#124; Kaspersky Lab |publisher=Kaspersky.com |date=2001-09-18 |accessdate=2016-06-04 |archiveurl = https://web.archive.org/web/20160807233000/http://www.kaspersky.com/about/news/virus/2001/Information_about_the_Network_Worm_Nimda_ | archivedate = August 7, 2016}}</ref>
 }}
-'''Nimda''' is a malicious file infecting [[computer worm]]. It quickly spread, surpassing the economic damage caused by previous outbreaks such as [[Code Red (computer worm)|Code R
+'''Nimda''' is a malicious file infecting [[computer worm]]. It quickly spread, surpassing the economic damage caused by previous outbreaks such as [[Code Red (computer worm)|Code Red]].
 The first released advisory about this thread (worm) was released on September 18, 2001.<ref>[https://www.cert.org/historical/advisories/CA-2001-26.cfm CERT first released an advisory on the worm on September 18, 2001]</ref> Due to the release date, exactly one week after the [[September 11 attacks|attacks on the World Trade Center and Pentagon]], some media quickly began speculating a link between the virus and [[Al Qaeda]], though this theory ended up proving unfounded.

Revision as of 16:39, 12 June 2019

Methods of infection

See also

References

External links