Feeds

Ten years on from Nimda: Worm author still at large

The malware which began the Windows megaworm era

Beginner's guide to SSL certificates

Saturday marks the tenth anniversary of the infamous Nimda worm.

Nimda (admin spelled backwards) was a hybrid worm that spread via infected email attachments and across websites running vulnerable versions of Microsoft's IIS web server software. Specifically the malware exploited a folder traversal vulnerability, which was patched by Microsoft a month after the initial outbreak on 18 September 2001.

The infuriating program infected numerous sites across the world, causing significant problems in the process largely as a result of its aggressive spreading techniques. The worm also exploited weak passwords to speed across different machines on local networks. Finally Nimda also spread using back doors left open in the wake of the Code Red II worm outbreak.

Nimda generated copious volumes of extra network traffic as it sought new machines to infect. In addition, the malware infected executables on stricken machines, further complicating the clean-up process.

Hi-tech firms including Microsoft, Dell and NTL were among the victims of Nimda. Michael Lane Thomas, a senior .NET developer evangelist, characterised the fiends behind Nimda as "industrial terrorists" in a hastily withdrawn blog post that appeared about a month after the attack.

Nimda's network bothering came at the start of a Windows worms spate, which began with Code Red in September 2001 and rumbled on to include Slammer in January 2003, Blaster in August 2003 and Sasser in May 2004.

It's still anybody's guess who created Nimda or many of its viral cousins. The only miscreant in the group that actually resulted in an arrest was a Blaster variant that led to the cuffing of Jeffrey Lee Parson (AKA t33kid), then 18, in late August 2003. He was eventually jailed for 18 months.

The era of high-profile noisy megaworms like Nimda has long gone. Nowadays we have to worry more about bot nets, targeted trojans and Stuxnet - the scarily devious and stealthy worm blamed for infecting industrial control systems and sabotaging machinery at an Iranian nuclear plant last year.

The lack of Nimda-style worms is in large part due to security lessons learned during the outbreaks. For instance, Microsoft turned on its firewall by default with Windows XP SP2 in August 2004. Almost all organisations block executable files attached to emails, another sensible precaution that has driven attackers to tricking victims into visiting infected websites or viewing booby-trapped PDF files.

More musings on the Nimda anniversary can be found in a blog post by Paul Ducklin of Sophos here. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.