Skip to end of banner
Go to start of banner

CERT/CC, CA-2001-26, 2001: Nimda Worm

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

CA-2001-26: Nimda Worm

Authors

CERT/CC

Year

2001

Identifiers

  • Report #: CA-2001-26

Publication

CERT Division, 2017

Pages

129-136

Abstract

The CERT/CC has received reports of new malicious code known as the "W32/Nimda worm" or the "Concept Virus (CV) v.5." This new worm appears to spread by multiple mechanisms:

* from client to client via email
* from client to client via open network shares
* from web server to client via browsing of compromised web sites
* from client to web server via active scanning for and exploitation of the "Microsoft IIS 4.0 / 5.0 directory traversal" vulnerability (VU #111677)
* from client to web server via scanning for the back doors left behind by the "Code Red II" (IN-2001-09), and "sadmind/IIS" (CA-2001-11) worms

Initial analysis indicates that the worm contains no destructive payload beyond modification of web content to facilitate its own propagation. We are also receiving reports of denial of service as a result of network scanning and email propagation.

(, p. )

Citation

CERT/CC, CA-2001-26, Nimda Worm, 2001, in CERT Division, 2017. 2001 CERT Advisories (No. DM17- 0052).

  • No labels

Follow us on LinkedIn | Discuss on Slack | Support us with Patreon | Sign-up for a free membership.

This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.