A lesson called Nimda - the implications - September 20 2001
A virus you can get just by visiting a web page... yeh, right...
But then it happened.
A web master and surfer's nightmare became real.
I visited one of my regular destinations after receiving various notifications from associates regarding a new, particularly nasty virus. I clicked refresh on the browser toolbar and Norton's AV jumped up on my screen (thankfully) to warn me it had intercepted the Nimda virus, aka W32.Nimda.A@mm.
Nimda has brought down many servers in our area. The global cost will be huge. As I type this article, my firewall, which has been very active over the last couple of months thanks to the many servers that are infected with Code Red, is going absolutely insane. A few months ago, I would get pretty uptight if I had 10 probe warnings in a day, most of them caused by "Script Kiddies" (see Related Articles at the end of this article). Now I'm getting that in a few minutes at times - thanks to a combination of Nimda and Code Red. While these probes are harmless to my machine, they are slowing the Internet down as these viruses broadcast looking for other servers to compromise.
So it's happened. What is this the precursor to? The virus contains the string: "Concept Virus (CV) V.5, Copyright (C) 2001 R.P.China". The term "Concept Virus" may suggest that someone was testing the waters for something bigger and better. Whether it is from China or not is immaterial; all I know is that this virus is not a sign of good things to come.
What makes the writer of this virus an even sicker human being in my opinion is the fact that Nimda was released one week to the day after the World Trade Center terrorist attack in America. The Internet has provided a valuable line of communications during this time for many people wanting information on the progress of the investigation and the global implications. Many others stayed glued to their monitors hoping to find some news of loved ones. And then some psycho decides to slow down the Internet... good one you freak, whoever you are! I hope you are caught, publicly humiliated and then locked up for the rest of your life!
Rumours have sprung up as to the intentions of this virus, but I will not discuss that here; there is enough unrest in the world at present. At this point in time, none of the rumours have any foundation in fact; it's all merely speculation.
The facts of the situation are that:
According to CERT:
"If you are running a vulnerable version of Internet Explorer (IE), the CERT/CC recommends upgrading to at least version 5.0 since older versions are no longer officially maintained by Microsoft. Users of IE 5.0 and above are encouraged to apply the patch for the "Automatic Execution of Embedded MIME Types" vulnerability available from Microsoft at
Microsoft encourages users of IE 5.01 and 5.5 to use patches available from:
Internet Explorer 5.01
Internet Explorer 5.5
- The virus can be transmitted via email. From what I can gather at this stage, it seems to be confined to Microsoft Outlook & Outlook Express users. Be extremely wary of any attachments; I suggest sending all your email in plain text instead of HTML and encouraging others communicating with you to do the same.
- Nimda infects Windows-based servers with certain vulnerabilities. Once a server is infected, it then looks for other servers.
- When a server is infected, it tries to spread itself through network shares.
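The e-mail advice above, turned into a check a mail gateway could run (an added example, not part of the original article): it flags HTML bodies and executable attachments, and separately reports attachments named as programs but declared as an inline media type, the kind of header mismatch the "Automatic Execution of Embedded MIME Types" name points to. The extension list, finding labels and both sample messages are assumptions constructed for illustration.

```python
import email
import os
from email import policy

# Assumed policy list: extensions a Windows mail client would run if opened.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs"}
# Top-level MIME types a client may render or play without asking the user.
INLINE_MAIN_TYPES = {"audio", "video", "image", "text"}

def audit_message(raw: bytes) -> list:
    """Return findings for one raw RFC 822 message (labels are illustrative)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        ctype = part.get_content_type()
        # get_filename() falls back to the Content-Type "name" parameter
        name = (part.get_filename() or "").lower()
        ext = os.path.splitext(name)[1]
        if ctype == "text/html" and not name:
            findings.append("html-body")
        if ext in EXECUTABLE_EXTS:
            if part.get_content_maintype() in INLINE_MAIN_TYPES:
                # Declared as media, named as a program: the header lies
                findings.append(f"type-mismatch:{name}:{ctype}")
            else:
                findings.append(f"executable-attachment:{name}")
    return findings

# Constructed sample: HTML body plus a program declared as an audio clip.
SAMPLE_SUSPICIOUS = (
    b"From: a@example.com\r\nTo: b@example.com\r\n"
    b"Subject: constructed sample\r\nMIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="BOUND"\r\n\r\n'
    b"--BOUND\r\nContent-Type: text/html\r\n\r\n"
    b"<html><body>hello</body></html>\r\n"
    b'--BOUND\r\nContent-Type: audio/x-wav; name="sample.exe"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\nAAAA\r\n--BOUND--\r\n"
)
# Constructed sample: the plain-text mail the article recommends sending.
SAMPLE_PLAIN = (
    b"From: a@example.com\r\nTo: b@example.com\r\n"
    b"Subject: constructed sample\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
)

if __name__ == "__main__":
    print(audit_message(SAMPLE_SUSPICIOUS))
    print(audit_message(SAMPLE_PLAIN))
```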
What is certain is that gone are the days of cruising the net without your anti-virus program in "paranoid" mode. Up until a few days ago, I would only run my AV software on files I downloaded, or to check email attachments. The overhead caused on computer systems by running AV software is pretty chronic. It slows things down. I was careful, so I felt I didn't have to worry. Not any more! I'm just thankful that my business systems were not infected. I am also lucky that my sites are not hosted on Windows-based servers, which are popular targets for virus writers.
The other issue that is created by this situation is from a legal aspect. Nimda may set a precedent.
Company A has many business dealings with Company B. Staff of Company A visit Company B's web site regularly. Company B is infected with Nimda. Company A becomes infected after visiting Company B's site; their systems are taken offline for 3 days - the company sustains financial losses as their communications are affected and the whole IT team is deployed to deal with the situation.
Could Company A successfully sue Company B?
What a wonderful world...
Site and Email Disclaimers:
Script Kiddies, Vermin of the Internet:
The SANS Institute: http://www.incidents.org
Computer Associates: http://ca.com/virusinfo/
Nortons (Symantec): http://www.symantec.com/
CERT: http://www.cert.org/advisories/CA-2001-26.html
Taming the Beast
Copyright information.... This article is free for reproduction but must be
reproduced in its entirety & this copyright statement must be included.