W32/Nimda-A worm

A new worm named W32/Nimda-A (known aliases are Nimda, Minda, Concept Virus, Code Rainbow) began to proliferate on the morning of September 18, 2001 on an extremely large scale. It uses multiple IIS vulnerabilities to propagate via the web, and Outlook and Outlook Express vulnerabilities to distribute itself through email.

It spreads through three different means: as an email attachment, as a web defacement download, and by directly targeting machines through known IIS vulnerabilities such as the ones exploited by Code Red and Code Blue. There has been one report thus far of an Apache Server crashing due to Nimda terminating httpd processes. There has been no further corroboration that this worm may have the inadvertent effect of creating a denial of service condition on Apache Servers.

Multiple sources have confirmed that this worm consumes a large amount of bandwidth and impairs performance on web servers as a result. It should be noted that this worm began to proliferate almost exactly a week after the terrorist activities began to take place in the United States.
