The NIMDA Worm

The NIMDA Worm
Code Red meets I Love You

Posted: 09/20/2001

Abstract:

It was just over two months ago that the Code Red I and II worms hit the Internet, exploiting a vulnerability in Microsoft's IIS software. And it was well over two years ago that viruses started to self-propagate via e-mail.

Today we are experiencing the Nimda worm. Nimda is more potent than any single previous virus/worm because it takes advantage of more flaws. Nimda has four separate and distinct propagation vectors by exploiting vulnerabilities in IIS, Internet Explorer, and MAPI e-mail clients. Nimda moves from host-to-host, client-to-Web server, and Web server-to- client. When Code Red came out, many wondered if it was a proof-of-concept. Nimda makes all these other things look like a dress rehearsal.

This presentation provides an overview of the Nimda Worm, describes how it works, and offers suggested ways in which to protect your sites. URLs are also provided for Internet sites with information and patches.

Gary Kessler

Gary C. Kessler is Assistant Professor and program coordinator of the Computer Networking major at Champlain College in Burlington, VT. He is also a consultant specializing in issues related to computer and network security, Internet and TCP/IP protocols and applications, e- commerce, and telecommunications technologies and applications. He was formerly a Senior Network Security Analyst at SymQuest Group, a network integration consulting company in South Burlington, VT and Director of Information Technology at Hill Associates, an international telecommunications training firm with headquarters in Colchester, VT. Gary is a frequent speaker at industry conferences, has written 2 books and over 55 articles on a variety of technology topics, and is an instructor both for his own classes on TCP/IP, network security, and related topics and for the SANS Institute (http://www.sans.org). He holds a B.A. in Mathematics, an M.S. in Computer Science, and is a CCNA. He is married and has two children. More information can be found at http://www.garykessler.net/.

http://www.webtorials.com/main/eduweb/security/tutorial/nimda/index.htm

Click here for your free registration for Webtorials.Com.