Nimda



An extremely effective denial-of-service worm that takes advantage of numerous security loopholes in Microsoft's Web server (IIS) and browser (IE) software. Named for "admin" spelled backwards, Nimda usurps disk space in both clients and servers by depositing unwanted files in local folders and network shares and attaching itself to executables.

Nimda infects vulnerable IIS servers by adding a line of JavaScript to common Web pages that, when browsed by any user on a client machine, causes a virus file (README.EXE) within an Outlook .EML file to be downloaded and executed automatically. Users must have Outlook installed for this bizarre event to work. Introduced in September 2001 and affecting more than a million machines, Nimda propagates to other servers via FTP and to other users by using its own SMTP forwarding engine to send the virus to all the mail recipients that it finds. It also makes the hard disks in the server sharable for anyone. Nimda-A was the first release of the virus and uses README.EXE and README.EML files. Nimda-B, released shortly thereafter, uses PUTA!!.SCR and PUTA!!.EML files instead. See Web Server Folder Traversal and MIME exploit.
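A cleanup check for the artifacts described above, as an added example that is not part of the original entry: it sweeps a web root for the file names this entry lists and for pages whose script lines name one of the .EML files. The function names, the page extensions checked, the assumption that the appended script line names the .EML file, and the sample tree are all constructed for illustration.

```python
import os
import re
import tempfile

# File names taken from the entry (Nimda-A and Nimda-B); matched case-insensitively.
DROPPED_NAMES = {"readme.exe", "readme.eml", "puta!!.scr", "puta!!.eml"}
PAGE_EXTENSIONS = (".htm", ".html", ".asp")  # assumed set of "common Web pages"
# Assumption: the appended script line names the .EML file it loads.
EML_REFERENCE = re.compile(rb"(readme|puta!!)\.eml", re.IGNORECASE)


def sweep_web_root(root):
    """Return (dropped_files, modified_pages) as sorted lists of relative paths."""
    dropped, modified = [], []
    for folder, _subdirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, root)
            lowered = name.lower()
            if lowered in DROPPED_NAMES:
                dropped.append(rel)
            elif lowered.endswith(PAGE_EXTENSIONS):
                try:
                    with open(path, "rb") as handle:
                        lines = handle.read().splitlines()
                except OSError:
                    continue  # unreadable file: nothing to inspect
                # Flag a page only if one line is script content AND names the .EML file.
                if any(b"script" in ln.lower() and EML_REFERENCE.search(ln) for ln in lines):
                    modified.append(rel)
    return sorted(dropped), sorted(modified)


def build_sample_root():
    """Constructed sample tree: one clean page, one altered page, one dropped file."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.mkdir(os.path.join(root, "docs"))
    samples = {
        "index.html": b"<html><body>Welcome</body></html>\n"
                      b'<script>/* constructed marker */ var f = "readme.eml";</script>\n',
        "about.htm": b"<html><body>About us</body></html>\n",
        os.path.join("docs", "README.EML"): b"constructed placeholder, not a real message\n",
    }
    for rel, body in samples.items():
        with open(os.path.join(root, rel), "wb") as handle:
            handle.write(body)
    return root


if __name__ == "__main__":
    print(sweep_web_root(build_sample_root()))
```

A hit on a page means the added line still has to be removed from it; deleting the dropped files alone leaves the page pointing at a file name an attacker could repopulate.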