Virus Busters Home


The W32/Nimda@MM Worm

by Bruce P. Burrell (bpb@umich.edu)
for the U-M Virus Busters (virus.busters@umich.edu)

Last significant update: 18 September, 2001

This information can be freely reproduced in any medium, as long as the information is unmodified.

On 18 September, a new worm, named W32/Nimda@MM a.k.a. Minda or Nimbda, appeared on the Internet. Like CodeRed, Nimda is a threat to IIS servers -- but since it can infect files, it is also a threat to end users. Since Nimda sends itself by email as well as via the network, users may see it in their mailboxes -- unlike CodeRed.

At the time of this writing, the worm has not been fully examined by antivirus companies, though most have released special definitions by now to cover this new threat. In fact, our vendor made 4 different drivers available during the 18th, and it is possible that we may see further improvements in the days ahead.

Also, the 4160 drivers for VirusScan, released in the evening on 18 September, have Nimda detection included; they are available on our web site at the U-M VirusScan Download Page.

For a list of patches to Microsoft products that Nimda tries to exploit, see Microsoft TechNet's security page (leaving our site). Hint: This may give you some idea about the inherent insecurity of a particular software vendor's line of products. You can find more information on W32/Nimda@MM here at NAI's virus library (leaving our site).

For this particular worm, I suggest that you provide a pointer to this URL (http://www.umich.edu/~virus-busters/nimda.html).
For virus or hoax info, please see our main page (http://www.umich.edu/~virus-busters/) or go to another reputable site, like your antivirus vendor for virus info, or The Urban Legends Reference Pages (leaving our site) for urban legends and hoaxes.

   -BPB



Last updated: Wednesday, 02-Jan-2002 13:35:06 EST.
University of Michigan Virus Busters - virus.busters@umich.edu
