Nimda

Nimda Virus
Technical name Avast: Win32:Nimda
Avira: W32/Nimda.eml
BitDefender: Win32.Nimda.A@mm
ClamAV: W32.Nimda.eml
Eset: Win32/Nimda.A
Grisoft: I-Worm/Nimda
Kaspersky: Net-Worm.Win32.Nimda or I-Worm.Nimda
McAfee: Exploit-MIME.gen.ex
Sophos: W32/Nimda-A
Symantec: W32.Nimda.A@mm
Type Multi-vector worm
Point of origin China (alleged)
Operating system(s) affected Windows 95XP
Written in English

Nimda is a computer worm, also a file infector. It quickly spread, surpassing the economic damage caused by previous outbreaks such as Code Red. Nimda utilized several types of propagation techniques and this caused it to become the Internet’s most widespread virus/worm within 22 minutes.

The worm was released on September 18, 2001.[1] Due to the release date, exactly one week after the attacks on the World Trade Center and Pentagon, some media quickly began speculating a link between the virus and Al Qaeda, though this theory ended up proving unfounded.

Nimda affected both user workstations (clients) running Windows 95, 98, Me, NT, 2000 or XP and servers running Windows NT and 2000.

The worm's name origin comes from the reversed spelling of it, which is "admin".

F-Secure found the text[2] "Concept Virus(CV) V.5, Copyright(C)2001 R.P.China" in the Nimda code, suggesting its country of origin.

Methods of infection

Nimda was so effective partially because it—unlike other infamous malware like the Morris worm or Code Red—uses five different infection vectors:

See also

References

  1. https://www.cert.org/historical/advisories/CA-2001-26.cfm CERT first released an advisory on the worm on September 18, 2001
  2. http://www.f-secure.com/v-descs/nimda.shtml
  3. http://seifried.org/lasg/introduction-to-security/

External links