Nimda


Submitted By JoeB20
Nimda is a computer virus that started infecting computers on September 18, 2001. It had multiple ways of infecting computers: through machines running Microsoft’s Web server, Internet Information Server (IIS), and through e-mail attachments. Its objective was to slow down traffic, creating a bottleneck effect. This is also known as a DoS (Denial-of-Service) attack. The name came from an “admin.dll” file that continues to circulate the virus when run.

The Nimda virus randomly probes each IP address within a selected range. Its objective is to find weaknesses, like backdoors. If it finds a way in, it causes the exposed IIS Web server to read an embedded JavaScript that makes the virus circulate to all of the Web pages on that server. When users visit the affected sites on that Web server, they unknowingly download pages with the embedded script, which gives the virus a way to spread to other computers throughout the Internet. Users can also be infected within the Web server’s own internal network through network shares. Nimda also circulated through e-mail, with a “readme.exe” attachment sent to people’s e-mail. Once the user opens the e-mail, it causes the virus to circulate more.

There are some preventative measures server administrators and end users can take. Administrators can apply the patches that Microsoft has provided for past viruses and implement rules that do not allow users to check e-mail at the server. Users can keep their browsers up to date and should not open e-mails with a “readme.exe” attachment.
If you have to keep the system running, you can disconnect it from the Internet and restore or reformat the system, then make sure you have the most recent patches. Finally, run an antivirus cleaner and re-scan the system; if it passes, you can reconnect it to the network.
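The attachment advice above can be enforced at the mail gateway instead of being left to each user. The following is an added example, not part of the original essay: it parses a message and flags any attachment named “readme.exe”, and goes beyond the essay by also flagging other executable extensions. The function names, the extension list and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
import ntpath

# Attachment name taken from the essay; the extension list is an assumption.
NIMDA_ATTACHMENT = "readme.exe"
EXECUTABLE_EXTENSIONS = (".exe", ".com", ".scr", ".pif", ".bat")


def normalise(filename):
    """Drop any path, strip the trailing dots and spaces that Windows
    ignores, and lower-case the result so 'README.EXE. ' still matches."""
    name = ntpath.basename(filename.replace("/", "\\"))
    return name.strip().rstrip(". ").lower()


def suspicious_attachments(raw_message):
    """Return [(filename, reason)] for every part that should be quarantined."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_filename() reads Content-Disposition 'filename', falls back to
        # Content-Type 'name', and handles RFC 2231 encoded parameter values.
        filename = part.get_filename()
        if not filename:
            continue
        name = normalise(filename)
        if name == NIMDA_ATTACHMENT:
            findings.append((name, "matches the attachment name used by Nimda"))
        elif name.endswith(EXECUTABLE_EXTENSIONS):
            findings.append((name, "executable attachment"))
    return findings


def build_sample(filename, payload):
    """Constructed test message (not captured traffic) with one attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachment.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for sample_name in ("README.EXE", "setup.scr", "notes.txt"):
        hits = suspicious_attachments(build_sample(sample_name, b"constructed"))
        print(sample_name, "->", hits or "clean")
```

Matching on the normalised name rather than the raw header value is what catches case changes and path prefixes that a plain string comparison would miss.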

