Computer Security Wiki
  • Net-Worm.Win32.Nimda (Kaspersky Lab)
  • Exploit-MIME.gen.exe (McAfee)
  • W32.Nimda.enc (Symantec)
  • Trojan.IframeExec (Doctor Web)
  • W32/Nimda-A (Sophos)
  • HTML/IFrame_Exploit* (RAV)
  • Archive Contains Infected Items (Trend Micro)
  • W32/Nimda.eml (Avira)
  • Win32:Nimda (ALWIL)
  • I-Worm/Nimda (AVG)
  • Win32.Nimda.A@mm (BitDefender)
  • W32.Nimda.eml (ClamAV)
  • Exploit/iFrame (Panda)
  • Win32/Nimda.A (Eset)
Type Worm
Affected platform/s Microsoft Windows

Nimda is a computer worm, and is also a file infector observed in the Internet on September 18, 2001. It quickly spread, eclipsing the economic damage caused by past outbreaks such as Code Red. Multiple propagation vectors allowed Nimda to become the Internet’s most widespread virus/worm within 22 minutes. Due to the release date, some media quickly began speculating a link between the virus and Al Qaeda, though this theory ended up proving unfounded.

This is a virus-worm that spreads via the Internet attached to infected e-mails, and copies itself to shared directories over a local network, and also attacks vulnerable IIS machines (Web sites). The worm itself is a Windows PE EXE file about 57Kb in length, and is written in Microsoft C++.[1]

In order to run from an infected message, the worm exploits a security breach. The worm then installs itself to the system, and runs a spreading routine and payload.

The worm contains the following "copyright" text string:

Concept Virus(CV) V.5, Copyright(C)2001 R.P.China


External links[]