(Redirected from Nimda (computer worm))

Nimda is a malicious file infecting computer worm. It quickly spread, surpassing the economic damage caused by previous outbreaks such as Code Red.

Nimda Virus
Technical nameAvast: Win32:Nimda
Avira: W32/Nimda.eml
BitDefender: Win32.Nimda.A@mm
ClamAV: W32.Nimda.eml
Eset: Win32/Nimda.A
Grisoft: I-Worm/Nimda
Kaspersky: Net-Worm.Win32.Nimda or I-Worm.Nimda
McAfee: Exploit-MIME.gen.ex
Sophos: W32/Nimda-A
Symantec: W32.Nimda.A@mm
TypeMulti-vector worm
Point of originChina (alleged)
Author(s)Multiple authors; one serving prison time [1]
Operating system(s) affectedWindows 95XP
Written inC++[2]

The first released advisory about this thread (worm) was released on September 18, 2001.[3] Due to the release date, exactly one week after the attacks on the World Trade Center and Pentagon, some media quickly began speculating a link between the virus and Al Qaeda, though this theory ended up proving unfounded.

Nimda affected both user workstations (clients) running Windows 95, 98, NT, 2000 or XP and servers running Windows NT and 2000.

The worm's name origin comes from the reversed spelling of "admin".

F-Secure found the text[4] "Concept Virus(CV) V.5, Copyright(C)2001 R.P.China" in the Nimda code, suggesting its country of origin.

Methods of infectionEdit

Nimda was so effective partially because it—unlike other infamous malware like Code Red—uses five different infection vectors:

See alsoEdit


  1. ^ "Ten years on from Nimda". September 17, 2011. Retrieved October 27, 2020.
  2. ^ "Information about the Network Worm "Nimda" | Kaspersky Lab". 2001-09-18. Archived from the original on August 7, 2016. Retrieved 2016-06-04.
  3. ^ CERT first released an advisory on the worm on September 18, 2001
  4. ^ "Net-Worm: W32/Nimda Description | F-Secure Labs". Retrieved 2016-06-04.
  5. ^ "Kurt Seifried - LASG / Introduction to security". Retrieved 2016-06-04.

External linksEdit