Tech Time Warp: Nimda worm slows traffic with multiple propagation methods
In this week’s Tech Time Warp, we look back to September 2001. While the world was reeling from the 9/11 terrorist attacks, hackers unleashed a new threat: a worm that could modify existing websites to trick users into downloading malware.
That malware was called “Nimda,” or “admin” spelled backward. Reports of Nimda and its effects began appearing in discussion groups on Sept. 18, 2001. The worm attacked machines running Windows 95, 98, and 2000, as well as Windows NT and XP. Nimda’s payload was further propagation. It slowed traffic as it spread. And spread it did, by exploiting a known weakness in Microsoft’s Internet Information Server. Nimda scanned IP addresses looking for that weakness. When found, Nimda would cause that system to begin reading websites with an embedded JavaScript that would automatically execute. That code would then spread to all other webpages on the server. Those using older versions of Internet Explorer would download webpages with the JavaScript.
Once on a machine, Nimda would spread by sending an email with an infected attachment—a webpage containing, you guessed it, the bad JavaScript—to everyone in the user’s address book. Although not visible without examining the code itself, Nimda contained the following language in its code: “Concept Virus(CV) V.5, Copyright(C)2001 R.P.China.”
With so many means of replicating itself, Nimda was difficult to remove. At the time, most antivirus tools either removed or quarantined infected files, but Nimda was insidious. The worm created guest accounts with admin rights and modified critical files and registry keys. Network administrators had to remove infected systems from networks to reformat their hard drives, reinstall software, and apply security patches. The Nimda experience brought about the realization that cybersecurity can’t take place at just one gateway but needs to be present at every access point, ushering in the era of multiple layers of security.