CA-2001-26: Nimda Worm

Authors

CERT/CC

Year

2001

Identifiers

  • Report #: CA-2001-26

Pages

129-136

Abstract

The CERT/CC has received reports of new malicious code known as the "W32/Nimda worm" or the "Concept Virus (CV) v.5." This new worm appears to spread by multiple mechanisms:

* from client to client via email
* from client to client via open network shares
* from web server to client via browsing of compromised web sites
* from client to web server via active scanning for and exploitation of the "Microsoft IIS 4.0 / 5.0 directory traversal" vulnerability (VU #111677)
* from client to web server via scanning for the back doors left behind by the "Code Red II" (IN-2001-09), and "sadmind/IIS" (CA-2001-11) worms

Initial analysis indicates that the worm contains no destructive payload beyond modification of web content to facilitate its own propagation. We are also receiving reports of denial of service as a result of network scanning and email propagation.

(CERT Division, 2017, p. 129)

Citation

CERT/CC, CA-2001-26, Nimda Worm, 2001, in CERT Division, 2017. 2001 CERT Advisories (No. DM17-0052).