Nimda
The Nimda virus is a malicious file-infecting computer worm. It quickly spread, surpassing the economic damage caused by previous outbreaks such as Code Red.
| Technical name | Avast: Win32:Nimda Avira: W32/Nimda.eml BitDefender: Win32.Nimda.A@mm ClamAV: W32.Nimda.eml Eset: Win32/Nimda.A Grisoft: I-Worm/Nimda Kaspersky: Net-Worm.Win32.Nimda or I-Worm.Nimda McAfee: Exploit-MIME.gen.ex Sophos: W32/Nimda-A Symantec: W32.Nimda.A@mm |
|---|---|
| Type | Multi-vector worm |
| Point of origin | China (alleged) |
| Author(s) | Multiple authors; one serving prison time |
| Operating system(s) affected | Windows 95 – XP |
| Written in | C++ |
The first released advisory about this thread (worm) was released on September 18, 2001. Due to the release date, exactly one week after the attacks on the World Trade Center and Pentagon, some media quickly began speculating a link between the virus and Al Qaeda, though this theory ended up proving unfounded.
Nimda affected both user workstations (clients) running Windows 95, 98, NT, 2000, or XP and servers running Windows NT and 2000.
The worm's name comes from the reversed spelling of "admin".
F-Secure found the text "Concept Virus(CV) V.5, Copyright(C)2001 R.P.China" in the Nimda code, suggesting its country of origin. However, they also noted that a computer in Canada was responsible for an October 11, 2001 release of infected emails alleging to be from Mikko Hyppönen and Data Fellows (F-Secure's previous name).