An extremely effective denial-of-service worm that takes advantage of numerous security loopholes in Microsoft's Web server (IIS) and browser (IE) software. Its name is "admin" spelled backwards. Nimda usurps disk space in both clients and servers by depositing unwanted files in local folders and network shares and attaching itself to executables.
Nimda infects vulnerable IIS servers by adding a line of JavaScript to common Web pages that, when browsed by any user on a client machine, causes a virus file (README.EXE) within an Outlook .EML file to be downloaded and executed automatically. Users must have Outlook installed for this bizarre event to work. Introduced in September 2001 and affecting more than a million machines, Nimda propagates to other servers via FTP and to other users by using its own SMTP forwarding engine to send the virus to all the mail recipients that it finds. It also makes the hard disks in the server sharable for anyone. Nimda-A was the first release of the virus and uses README.EXE and README.EML files. Nimda-B, released shortly thereafter, uses PUTA!!.SCR and PUTA!!.EML files instead. See Web Server Folder Traversal and MIME exploit.
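A defensive check for the artifacts described above, as an added example that is not part of the original entry: it walks a web root and flags the file names the entry lists, plus any page whose script block references a .eml file. The page extensions, the regular-expression heuristic and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# File names the entry attributes to Nimda-A and Nimda-B.
DROP_NAMES = {"README.EXE", "README.EML", "PUTA!!.SCR", "PUTA!!.EML"}
PAGE_EXTS = {".htm", ".html", ".asp"}  # assumption: typical IIS page types
# A <script> block that mentions a .eml file (heuristic, not a signature).
SCRIPT_EML = re.compile(rb"<script\b[^>]*>[^<]*?[\w!.-]+\.eml\b", re.I)

def scan_webroot(root):
    """Return sorted (relative_path, reason) findings under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if name.upper() in DROP_NAMES:
                findings.append((rel, "dropped-file name"))
            elif os.path.splitext(name)[1].lower() in PAGE_EXTS:
                with open(path, "rb") as fh:
                    if SCRIPT_EML.search(fh.read()):
                        findings.append((rel, "script references .eml"))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample web root: a clean page, a modified page, a drop."""
    pages = {
        "index.html": b"<html><body>Welcome</body></html>",
        "news/default.asp": b"<html><body>News</body></html>\n"
                            b"<script language=\"JavaScript\">"
                            b"/* constructed */ open(\"readme.eml\")</script>",
        "news/readme.eml": b"constructed placeholder, not a real message",
    }
    for rel, body in pages.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)

def demo():
    """Build the constructed tree in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scan_webroot(root)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

File-name matches are only a triage signal; a legitimate README.EXE elsewhere on disk would also be listed, so findings need review in context.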
| Type | Multiple |
|---|---|
| Operating system(s) affected | Windows 95–XP |
Nimda is a computer worm, and is also a file infector. It spread quickly, eclipsing the economic damage caused by past outbreaks such as Code Red. Multiple propagation vectors allowed Nimda to become the Internet’s most widespread virus/worm within 22 minutes.
The worm was released on September 18, 2001.[1] Because the release date fell exactly one week after the attacks on the World Trade Center and Pentagon, some media quickly began speculating about a link between the virus and Al Qaeda, though this theory proved unfounded.
Nimda affected both user workstations (clients) running Windows 95, 98, Me, NT, 2000 or XP and servers running Windows NT and 2000.
The worm's name comes from the reversed spelling of "admin".
F-Secure found the text[2] "Concept Virus(CV) V.5, Copyright(C)2001 R.P.China" in the Nimda code.
Nimda was so effective partially because it—unlike other infamous malware like the Morris worm or Code Red—uses five different infection vectors:
This entry is from Wikipedia, the leading user-contributed encyclopedia. It may not have been reviewed by professional editors (see full disclaimer)