Nimda
Malicious file infecting computer worm From Wikipedia, the free encyclopedia
The Nimda virus is a malicious file-infecting computer worm.
| Nimda | |
|---|---|
| Technical name | Avast: Win32:Nimda Avira: W32/Nimda.eml BitDefender: Win32.Nimda.A@mm ClamAV: W32.Nimda.eml Eset: Win32/Nimda.A Grisoft: I-Worm/Nimda Kaspersky: Net-Worm.Win32.Nimda or I-Worm.Nimda McAfee: Exploit-MIME.gen.ex Sophos: W32/Nimda-A Symantec: W32.Nimda.A@mm |
| Type | Multi-vector worm |
| Origin | China (alleged) |
| Authors | Multiple authors; one serving prison time[1] |
| Technical details | |
| Platform | Windows 95 – XP |
| Written in | C++[2] |
The first released advisory about this threat (worm) was released on September 18, 2001.
Nimda affected both user workstations (clients) running Windows 95, 98, NT, 2000, or XP and servers running Windows NT and 2000.[3]
The worm's name comes from the reversed spelling of "admin".[1]
F-Secure found the text "Concept Virus(CV) V.5, Copyright(C)2001 R.P.China" in the Nimda code, suggesting its country of origin. However, they also noted that a computer in Canada was responsible for an October 11, 2001 release of infected emails alleging to be from Mikko Hyppönen and Data Fellows (F-Secure's previous name).[4]
Methods of infection
Nimda proved effective partially because it—unlike other infamous malware like Code Red—uses five different infections vectors:
- Open network shares
- Browsing of compromised web sites
- Exploitation of various Internet Information Services (IIS) 4.0 / 5.0 directory traversal vulnerabilities. (Both Code Red and Nimda were hugely successful in exploiting well-known and long-solved vulnerabilities in the Microsoft IIS Server.[5])
- Back doors left behind by the "Code Red II" and "sadmind/IIS" worms.[6]
See also
References
External links
Wikiwand - on
Seamless Wikipedia browsing. On steroids.