CA-2001-26: Nimda Worm
Authors
CERT/CC
Year
2001
Identifiers
Report #: CA-2001-26
Publication
Pages
129-136
Abstract
The CERT/CC has received reports of new malicious code known as the "W32/Nimda worm" or the "Concept Virus (CV) v.5." This new worm appears to spread by multiple mechanisms:
* from client to client via email
* from client to client via open network shares
* from web server to client via browsing of compromised web sites
* from client to web server via active scanning for and exploitation of the "Microsoft IIS 4.0 / 5.0 directory traversal" vulnerability (VU #111677)
* from client to web server via scanning for the back doors left behind by the "Code Red II" (IN-2001-09), and "sadmind/IIS" (CA-2001-11) wormsInitial analysis indicates that the worm contains no destructive payload beyond modification of web content to facilitate its own propagation. We are also receiving reports of denial of service as a result of network scanning and email propagation.
(CERT Division, 2017, p. 129)
Links
Citation
CERT/CC, CA-2001-26, Nimda Worm, 2001, in CERT Division, 2017. 2001 CERT Advisories (No. DM17- 0052).