Jump to content

Nimda

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by 114.134.0.129 (talk) at 01:16, 10 April 2013 (grammatical changes). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.
Nimda
TypeMultiple
Familyvirus
Technical details
PlatformWindows 95XP

Nimda is a computer worm, also a file infector. It quickly spread, surpassing the economic damage caused by previous outbreaks such as Code Red. Nimda utilized several types of propagation technique and this caused it to become the Internet’s most widespread virus/worm within 22 minutes.

The worm was released on September 18, 2001.[1] Due to the release date, exactly one week after the attacks on the World Trade Center and Pentagon, some media quickly began speculating a link between the virus and Al Qaeda, though this theory ended up proving unfounded.

Nimda affected both user workstations (clients) running Windows 95, 98, Me, NT, 2000 or XP and servers running Windows NT and 2000.

The worm's name origin comes from the reversed spelling of it, which is "admin".

F-Secure found the text[2] "Concept Virus(CV) V.5, Copyright(C)2001 werKBF" in the Nimda code. It contained 3 payloads, fortunately it could not execute all payloads and was unable to reach its maximum potential. First payload left a backdoor for the worm author to access at a later time. Second, it requested a predefined website and installed GT.fbircflood the IRCbot. Last move to itself to cylinder 0, head 0, sector 7 to make itself unrecoverable in effort remove and hide the worm aspect. Had the final payload had have worked it would ofhave made this the most dangerous worm and made detection of it virtually impossible.


Methods of infection

Nimda was so effective partially because it—unlike other infamous malware like the Morris worm or Code Red—uses five different infection vectors:

  • via email
  • via open network shares
  • via browsing of compromised web sites
  • exploitation of various Microsoft IIS 4.0 / 5.0 directory traversal vulnerabilities. (Both Code Red and Nimda were hugely successful exploiting well known and long solved vulnerabilities in the Microsoft IIS server.[3])
  • via back doors left behind by the "Code Red II" and "sadmind/IIS" worms.

See also

References

  1. ^ http://www.cert.org/advisories/CA-2001-26.html CERT first released an advisory on the worm on September 18, 2001
  2. ^ http://www.f-secure.com/v-descs/nimda.shtml
  3. ^ http://seifried.org/lasg/introduction-to-security/
Stub icon

This malware-related article is a stub. You can help Wikipedia by expanding it.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Nimda&oldid=549605439"