Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Latest News
    • Networking

    Nimda Worm Running Rampant on Web

    By
    Jim Rapoza
    -
    September 18, 2001
    Share
    Facebook
    Twitter
    Linkedin

      The anticipated follow-up to the Code Red worm attacks got under way Tuesday with a far-reaching outbreak of W32.Nimda infestations. The aggressive worm, which seeks 16 vulnerabilities in Microsoft Corp.s IIS software, is thought to have infected thousands to tens of thousands of Web servers and slowed Internet traffic for many more, according to security experts.

      The massive spread of Nimda came as the FBI issued renewed warnings about cyber-terrorism in the wake of last weeks attacks on New York and Washington. Officials at the FBIs NPIC (National Infrastructure Protection Center) said Tuesday that a group of hackers calling themselves The Dispatchers claimed they had already begun network operations against information infrastructure components such as routers. According to the FBI, The Dispatchers claimed to be targeting communications and finance.

      “There is the opportunity for significant collateral damage to any computer network and telecommunications infrastructure that does not have current countermeasures in place,” NPIC officials said in a statement. “The Dispatchers claim to have over 1,000 machines under their control for the attacks. It is likely that the attackers will mask their operations by using the IP addresses and pirated systems of uninvolved third parties.”

      An FBI spokesman declined to connect the Dispatchers warning with the Nimda outbreak.

      W32.Nimda. is a double-threat, operating as a hybrid between a virus and a worm. Like Code Red, it attempts to take over IIS systems by utilizing known security holes in the Web server. However, while Code Red used only one security hole, W32.Nimda makes over 16 attempts on a system trying different exploits and in one server log eWEEK Labs saw it appear to try over 20 GET attempts on a server it was attacking.

      The program is also spreading itself through e-mail through an attachment called readme.exe. If an Outlook client is not set to high security settings the virus can spread itself using the Outlook clients address book. Filtering out .exe files at the mail server should prevent the spread of W32.Nimda in this manner.

      Probably the most unique way in which W32.Nimda spreads itself is through the Web server of an infected system. Once W32.Nimda infects an IIS system, it downloads a dll and gains administrative access. Compromised servers may then display a Web page prompting a visitor to download an Outlook file that contains the worm as an attachment, according to Eric Chien, program manager at Symantec Corp. in Cupertino, Calif. According to an alert on www.incidents.org, reports are that Internet Explorer 5.x will automatically execute the file, which is called readme.eml.

      Nimda also uses the traditional method of propagating through network shares. It looks for shares that allow access to the Guest account with no password required.

      Avatar
      Jim Rapoza
      Jim Rapoza, Chief Technology Analyst, eWEEK.For nearly fifteen years, Jim Rapoza has evaluated products and technologies in almost every technology category for eWEEK. Mr Rapoza's current technology focus is on all categories of emerging information technology though he continues to focus on core technology areas that include: content management systems, portal applications, Web publishing tools and security. Mr. Rapoza has coordinated several evaluations at enterprise organizations, including USA Today and The Prudential, to measure the capability of products and services under real-world conditions and against real-world criteria. Jim Rapoza's award-winning weekly column, Tech Directions, delves into all areas of technologies and the challenges of managing and deploying technology today.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×