The Nimda Virus

Home
ABC
Tips & Hints
Archive
Links
Search
Services
Contact

19 September 2001

The Nimda Virus can infect your computer through just viewing a web page or the preview screen of the popular e-mail readers. For Windows 2000/NT servers it also uses the tricks of the Code Red virus. Because it uses a number of ways of spreading this virus is going to become very common.

How does it spread?

As usual the virus will try to send itself to every address in the infected computer’s e-mail inbox . On an infected IIS (Internet Information Server) system, it will search for and infect any html files named index, readme or main, meaning anyone visiting that site’s home page is at risk.

A victim may receive an e-mail with an infected attachment called readme.exe or an infected website will try to download an infected e-mail called readme.eml. On a network with an infected server, the infected machine will probe other machines for potential victims.

What damage does it do?

The virus itself is more a security risk than a direct threat to your computer. The biggest risk to home users is that an infected machine will share its hard drives with the world. For those with IIS enabled Windows 2000/NT computers the virus will create a new user account and give itself administrator privileges. This can give a hacker complete control of a server. Another risk to networks is that the sheer volume of traffic generated by the virus will swamp the network.

How to avoid it?

  1. If a box appears asking you to open readme.exe or readme.eml when reading mail or browsing the web, cancel or refuse the prompt. Check our guide for avoiding dangerous virus attachments for other nasties you shouldn't open.
  2. Change your security settings for Outlook/Outlook Express to the Restricted Internet settings and customise the settings for maximum security.
  3. Get an anti-virus program and keep it up to date. There is no point in buying a program and then not keeping it up to date. The newest programs have automatic update programs. If the program you currently have doesn’t update properly get a new one.
  4. Keep your system up to date with the latest patches. The Windows update website will run an automatic routine to update your Internet Explorer. A specific update to Internet explorer to stop this bug is also available from Microsoft.

For More information

CERT advisory

McAfee Virus Information

Symantec Anti-virus Centre

F-Secure

PC Rescue Pty Ltd
Suite 236, 4 Young Street Neutral Bay NSW 2089
ABN 082 635 765
ŠTechnology Publishing Australia, 2011