The Nimda Worm

Nimda is another one of many worms to infect the vulnerable Windows operating system. Its method of propagation is rather unique, as it can be distributed via email or a malware-infected website. Nimda also seeks out vulnerable web servers to upload malicious code, giving it the ability to infect an entire network. What makes it more complex is the fact that it is the first worm to behave like a virus by infecting other files. The normal behavior of a worm is to only replicate itself and propagate throughout a hard drive or to other machines via email. Nimda is able to spread quickly by inserting its code into EXE (executable) files on local drives.

How Nimda Works

Nimda's tendency to seek out exploitable servers is something that could possibly create a network traffic jam on the internet, similar to the infamous SQL Slammer worm. In some cases, the worm's activity causes a server to fail completely, a condition more commonly known as a DoS (denial-of-service) attack. Every computer infected by Nimda increases network traffic, all while seeking other systems to infect.

Like most worms, Nimda's most common method of distribution is email, usually targeting the Outlook and Outlook Express applications. It arrives in a user's inbox with a file attachment named "README.EXE" which holds the infection, though it can also be contracted just by viewing the preview pane. In older versions of Microsoft Internet Explorer, this worm has the ability to spread the infection simply when the message is read. Although these vulnerabilities were resolved by Microsoft some time ago, several users have still not applied the necessary patches, enabling Nimda to keep spreading.

The Nimda worm mainly targets the Outlook programs, but other email clients have been infected as well. The major difference is that users have to open the attachments for the malicious code to be executed. Sadly, it is a fact that some recipients cannot resist the urge to open these tempting files, thus powering the epidemic of malware. Once a system is infected, Nimda will dig into the email addresses in your contact list and recruit others to participate in a DoS attack.
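A mail-gateway style check for the delivery method described above, as an added example that is not part of the original article: it flags attachments that are executable by name or by content, and notes when the declared MIME type does not match. The extension list, the MIME-type list and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy

# Assumption: illustrative extension and MIME-type lists; tune for your mail gateway.
EXEC_EXTS = (".exe", ".com", ".scr", ".pif", ".bat")
EXEC_TYPES = {"application/octet-stream", "application/x-msdownload"}

def scan_message(raw: bytes) -> list:
    """Return one finding per attachment that looks like a Windows executable."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        name = (part.get_filename() or "").strip()
        payload = part.get_payload(decode=True) or b""
        exec_name = name.lower().endswith(EXEC_EXTS)
        mz_header = payload[:2] == b"MZ"  # DOS/PE executable magic bytes
        if not (exec_name or mz_header):
            continue
        declared = part.get_content_type()
        findings.append({
            "filename": name,
            "declared_type": declared,
            "mz_header": mz_header,
            # Executable content declared as another media type deserves quarantine.
            "type_mismatch": declared not in EXEC_TYPES,
            "readme_exe": name.lower() == "readme.exe",
        })
    return findings

# Constructed sample message (not a real capture); the payload is only the bytes "MZ".
SAMPLE = (
    b"From: sender@example.test\r\n"
    b"To: user@example.test\r\n"
    b"Subject: constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n\r\n"
    b"hello\r\n"
    b"--b1\r\n"
    b'Content-Type: audio/x-wav; name="README.EXE"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    b"TVo=\r\n"
    b"--b1--\r\n"
)

if __name__ == "__main__":
    for finding in scan_message(SAMPLE):
        print(finding)
```

Checking the decoded payload as well as the filename means a renamed executable is still flagged, while a name-only rule would miss it.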

Misconceptions about Nimda

Misconception #1: "Nimda does not infect PC users running Windows 95, 98 or ME."  This is not true. The worm can infect any 32-bit system, including Windows 95, 98, ME, 2000 and NT.

Misconception #2: "Nimda is not distributed through mail clients such as Eudora and Netscape Mail."  This is not true either. An infected email can still be sent to those mail servers. If the attachment is opened, the worm will be executed.

Misconception #3: "Anti-virus software will catch all strains of Nimda."  This is partly true, yet many vendors were unable to detect it when it was first released. It is likely that variants of this worm will be continuously developed, meaning your anti-virus program should be updated on a daily basis.

Prevention

Anti-virus software is always essential when it comes to fighting off worms. More importantly, you should keep your system updated with the latest patches by downloading them from the Microsoft website. Remaining wary of emails is important, as is surfing the web cautiously. While malware like the Nimda worm is often complex, a few preventive measures will help you elude the best of them.

Identity theft comes in many forms.

A person's identity can be 'borrowed' for the purpose of creating fictional credit cards or a person's entire identity can be usurped to the point where they can have difficulty proving that they really are who they claim to be.

Up to 18% of identity theft victims take as long as four years to realize that their identity has been stolen.

There are many ways to protect your personal identity and many steps you can take to prevent your identity from being stolen:

*Never give out unnecessary personal information
*Never provide bank details or social security numbers over the Internet
*Always remain aware of who is standing behind you when you type in your personal credit codes at ATM machines and at supermarket checkout swipe machines.