The Nimda Worm
Nimda is another one of many worms to infect the vulnerable Windows operating system. Its method of propagation is rather unique, as it can be distributed via email or a malware infected website. Nimda also seeks out vulnerable web servers to upload malicious code, giving it the ability to infect an entire network. What makes it more complex is the fact that it is the first worm to behave like a virus by infecting other files. The normal behavior of a worm is to only replicate itself and propagate throughout a hard drive or to other machines via email. Nimda is able to spread quickly inserting it's code into EXE. (executable) files on local drives.
How Nimda Works
Nimda's tendency to seek out exploitable servers is something that could possibly create network traffic jam on the internet, similar to the infamous SQL Slammer worm. In some cases, the results of this worm causes a server to completely fail, a condition more commonly known as DoS (denial-of-service) attack. Every computer infected by Nimda increases network traffic all while seeking other systems to infect.
Similar to most worms, Nimda's most common method of distribution is email, usually targeting the Outlook and Outlook Express applications. It arrives in a user's inbox with a file attachment named "README.EXE" which holds the infection, though it can also be contracted just by viewing the preview pane. In older versions of Microsoft Internet Explorer, this worm has the ability to spread the infection simply by reading the message. Although these vulnerabilities were resolved by Microsoft some time ago, several users have still not applied the necessary patches, enabling Nimda to keep spreading.
The Nimda worm mainly targets the Outlook programs, but other email clients have been infected as well. The major difference is that users have to open the attachments for the malicious code to be executed. Sadly, it is a fact that some recipients cannot resist the urge to open these tempting files, thus powering the epidemic of malware. Once infected with Nimda, it will dig into the email addresses in your contact list and recruit others to participate in a DoS attack.
Misconceptions about Nimda
Misconception #1: "Nimda does not infect PC users running Windows 95, 98 or ME." This is not true. The worm can infect any 32-bit system, including Windows 95, 98, ME, 2000 and NT.
Misconception #2: "Nimda is not distributed through mail clients such Eudora and Netscape Mail." This is not true either. An infected email can still be sent to those mail servers. If the attachment is opened, the worm will be executed.
Misconception #3: "Anti-virus software will catch all strains of Nimda." This is partly true, yet many vendors were unable to detect it when first released. It is likely that variants of this worm will be continuously developed, meaning your anti-virus program should be updated on a daily basis.
Prevention
Anti-virus software is always essential when it comes to fighting off worms. More importantly, you should keep your system updated with the latest patches by downloading them from the Microsoft website. Remaining weary of emails is important, as well as cautiously surfing the web. While malware like the Nimda worm are often complex, a few preventive measures will help you elude the best of them.
Post a comment