The NIMDA Worm
Code Red meets I Love You

It was just over two months ago that the Code Red I and II worms hit the Internet, exploiting a vulnerability in Microsoft's IIS software. And it was well over two years ago that viruses started to self-propagate via e-mail.

Today we are experiencing the Nimda worm. Nimda is more potent than any single previous virus/worm because it takes advantage of more flaws. Nimda has four separate and distinct propagation vectors by exploiting vulnerabilities in IIS, Internet Explorer, and MAPI e-mail clients. Nimda moves from host-to-host, client-to-Web server, and Web server-to-client. When Code Red came out, many wondered if it was a proof-of-concept. Nimda makes all these other things look like a dress rehearsal.

This presentation provides an overview of the Nimda Worm, describes how it works, and offers suggested ways in which to protect your sites. URLs are also provided for Internet sites with information and patches.

Return to Presentations Menu

Gary Kessler

Gary Kessler

Gary C. Kessler is Assistant Professor and program coordinator of the Computer Networking major at Champlain College in Burlington, VT. He is also a consultant specializing in issues related to computer and network security, Internet and TCP/IP protocols and applications, e-commerce, and telecommunications technologies and applications. He was formerly a Senior Network Security Analyst at SymQuest Group, a network integration consulting company in South Burlington, VT and Director of Information Technology at Hill Associates, an international telecommunications training firm with headquarters in Colchester, VT. Gary is a frequent speaker at industry conferences, has written 2 books and over 55 articles on a variety of technology topics, and is an instructor both for his own classes on TCP/IP, network security, and related topics and for the SANS Institute ( He holds a B.A. in Mathematics, an M.S. in Computer Science, and is a CCNA. He is married and has two children. More information can be found at

Copyright, Credits, and Disclaimers

Copyright, 2001 - Distributed Networking Associates. All portions of this presentation are copyrighted by Distributed Networking Associates and/or the organization credited as the source of information. All forms of reproduction and/or recording, including photocopying, tape recording, and video taping are strictly prohibited without the express prior written permission of Distributed Networking Associates. Clipart used may include images from Corel, Broderbund, and IMSI.

Professional Opinions - All information presented and opinions expressed by Distributed Networking are the current opinions of Distributed Networking based on professional judgment and best available information at the time of presentation. Consequently, the information is subject to change, and no liability for advice presented is assumed. Ultimate responsibility for choice of appropriate solutions remains with the Customer.

Please note: By downloading this information, you acknowledge that the sponsor(s) of this information may contact you, providing that they give you the option of opting out of further communications from them concerning this information.  Also, by your downloading this information, you agree that the information is for your personal use only and that this information may not be retransmitted to others or reposted on another web site.  Please encourage colleagues to download their own copy after registering at