Feeds

back to article Ten years on from Nimda: Worm author still at large

Saturday marks the tenth anniversary of the infamous Nimda worm. Nimda (admin spelled backwards) was a hybrid worm that spread via infected email attachments and across websites running vulnerable versions of Microsoft's IIS web server software. Specifically the malware exploited a folder traversal vulnerability, which was …

COMMENTS

This topic is closed for new posts.
Thumb Up

Worms...

Yes, now we have Conficker, Stuxnet, et al.

I liked Nimda, though, it was clever.

And I'd argue that at least half the reason people started using browser exploits was because of the notorious ease of heap sprays, and because of the dawn of the Java plugin.

2
0
Silver badge
Meh

Dontcha mean...

...Microsoft's counteroffer in the plugin space, the "access all areas" ActiveX?

5
1
Silver badge
Facepalm

Don't forget Google

And their Native Client, thus ensuring I will never use Chrome again. You'd think of all people, they'd know better. But apparently, they Know Better and no one can teach them otherwise.

3
3

Bad request

Your browser sent a request that this server could not understand.

0
0
Anonymous Coward

Now that I have spent ten years in hiding perfecting my Nimda worm, it is time to perfect the delivery vehicle. Sharks, with frikkin laser beams on their heads.

8
1
Black Helicopters

Don't panic!

I am not panicking and I am calling homeland security.

1
0

*ahem*

Sir, we couldn't get the sharks. They're protected.

0
0
Anonymous Coward

Hmm

It exploited a vulnerability in some MS software. Where have I heard that before?

2
1
Anonymous Coward

Remember it well...

Although it was Code Red which caused all the trouble for my company.

Luckily it was so unsubtle in its attempt to spread that we noticed the impact on the internal LAN performance and started investigating.

The boss was so freaked out that he basically handed us techies a blank cheque to make sure nothing like this happened again and we finally got the multiple zone firewall we had been asking for.

When Nimda joined shortly afterwards we were able to sit back and watch its attempts on the website logs. I remember still seeing attempts turning up in the logs only a few months ago!

2
0
Holmes

On the plus side...

Whilst the numerous worms did some damage, they did have the effect of teaching Microsoft about security. Prior to that time, security was very much an add-on optional extra.

Following the outbreak ISTR Gartner came off the fence and recommended that nobody implement IIS. This stung MIcrosoft so badly that they pulled Longhorn (which was probably going to be called XP Server) and had a root & branch code review, sending all their developers on security courses.

Ten years on, servers and workstations are far more secure by default. Security onfiguration is turned on it's head where you have to have knowledge to turn it off, not as it used to be where you need to be an expert to turn it on.

So maybe the authors of Nimda were being cruel to be kind?

5
0
Silver badge

For Alien Life in LOVE* ..... and an Alien LOVE Life XSSXXXX CodedD for Dangerous and Volatile.

"Ten years on, servers and workstations are far more secure by default. Security onfiguration is turned on it's head where you have to have knowledge to turn it off, not as it used to be where you need to be an expert to turn it on"

Have you any idea how beautifully dangerous that it is and how vulnerable it renders you to remote virtual control of human machinery, with Perfectly Anonymous Legionnaires.

*Live Operational Virtual Environments

Control CyberSpace Administer Everything is a Simple Concept Easily Doable. Have you something Easily Doable which which can be added into AI as a Fabulous Attraction .......and Valued Prize Asset in a SMARTer MetaDataBase Mining Operation for MegaPowerful Source Core Lode to Novel Drivers in LOVE ..... with Command and Control and Sublime Administration.

1
3
Anonymous Coward

Of course he's still at large

It's not like he murdered anyone or was caught doing something even more serious like sharing music files right?

Nobody with money got their feelings hurt, so nobody (that can do anything) cares...

0
1
Anonymous Coward

meh...

There were millions of dollars/pounds spent world wide fixing the problem that he caused. Having said that, you post reads like a hissy-fit teenager, so I don't expect you to understand that taking servers down can cost money in terms of money not made. I, however remember a lot of overtime being done at the company I worked for at the time, in order to resolve the problems caused.

Oh, and don't say it was MS' fault, they may have written the software with the bug, the author of the code is responsible for the exploitation of the problem.

1
1
Anonymous Coward

Here, let me lend you my dictionary.

sarcasm (sar·casm). noun /ˈsärˌkazəm/

1. The use of irony to mock or convey contempt

* - his voice, hardened by sarcasm, could not hide his resentment

0
1
Pirate

This one & the ILOVEYOU...

... got me a shed load of overtime back in the day :)

0
0
Silver badge
Trollface

Indeed

They filled the overtime gulf left after Y2K.

Good time$$$$$

1
1
Anonymous Coward

Nimda ? Help get rid of n00b Windows admins

There were so may crappy Windows admins out there at the time, I remember, that that was a wake-up call for a lot of businesses ... at the time I was working for Symantec and some calls we would get from admins were hilarious ... seriously, most had no feckin' idea!

All these photoshop guru wannabees turned domain admins! An MCSE is still only a proof of cretinism in most "serious" businesses, you have to have "serious" admin certifications, like UNIX or GNU Linux ...

1
2
Joke

Symantec you say...

Well you're right there then ar kid.

They mustn't have any idea at all...

0
0
Happy

them were the days...

MCSE == Must Consult Someone Experienced

3
0

@Alfie

> MCSE == Must Consult Someone Experienced

I always liked "Minesweeper Consultant and Solitaire Expert".

// YIK, there are probably some for the the linux equivalents as well

0
0

This post has been deleted by a moderator

This topic is closed for new posts.