Feeds

Ten years on from Nimda: Worm author still at large

The malware which began the Windows megaworm era

The Essential Guide to IT Transformation

Saturday marks the tenth anniversary of the infamous Nimda worm.

Nimda (admin spelled backwards) was a hybrid worm that spread via infected email attachments and across websites running vulnerable versions of Microsoft's IIS web server software. Specifically the malware exploited a folder traversal vulnerability, which was patched by Microsoft a month after the initial outbreak on 18 September 2001.

The infuriating program infected numerous sites across the world, causing significant problems in the process largely as a result of its aggressive spreading techniques. The worm also exploited weak passwords to speed across different machines on local networks. Finally Nimda also spread using back doors left open in the wake of the Code Red II worm outbreak.

Nimda generated copious volumes of extra network traffic as it sought new machines to infect. In addition, the malware infected executables on stricken machines, further complicating the clean-up process.

Hi-tech firms including Microsoft, Dell and NTL were among the victims of Nimda. Michael Lane Thomas, a senior .NET developer evangelist, characterised the fiends behind Nimda as "industrial terrorists" in a hastily withdrawn blog post that appeared about a month after the attack.

Nimda's network bothering came at the start of a Windows worms spate, which began with Code Red in September 2001 and rumbled on to include Slammer in January 2003, Blaster in August 2003 and Sasser in May 2004.

It's still anybody's guess who created Nimda or many of its viral cousins. The only miscreant in the group that actually resulted in an arrest was a Blaster variant that led to the cuffing of Jeffrey Lee Parson (AKA t33kid), then 18, in late August 2003. He was eventually jailed for 18 months.

The era of high-profile noisy megaworms like Nimda has long gone. Nowadays we have to worry more about bot nets, targeted trojans and Stuxnet - the scarily devious and stealthy worm blamed for infecting industrial control systems and sabotaging machinery at an Iranian nuclear plant last year.

The lack of Nimda-style worms is in large part due to security lessons learned during the outbreaks. For instance, Microsoft turned on its firewall by default with Windows XP SP2 in August 2004. Almost all organisations block executable files attached to emails, another sensible precaution that has driven attackers to tricking victims into visiting infected websites or viewing booby-trapped PDF files.

More musings on the Nimda anniversary can be found in a blog post by Paul Ducklin of Sophos here. ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.