back to article Ten years on from Nimda: Worm author still at large

Saturday marks the tenth anniversary of the infamous Nimda worm. Nimda (admin spelled backwards) was a hybrid worm that spread via infected email attachments and across websites running vulnerable versions of Microsoft's IIS web server software. Specifically the malware exploited a folder traversal vulnerability, which was …


This topic is closed for new posts.
  1. Abhorsen
    Thumb Up


    Yes, now we have Conficker, Stuxnet, et al.

    I liked Nimda, though, it was clever.

    And I'd argue that at least half the reason people started using browser exploits was because of the notorious ease of heap sprays, and because of the dawn of the Java plugin.

    1. Destroy All Monsters Silver badge

      Dontcha mean...

      ...Microsoft's counteroffer in the plugin space, the "access all areas" ActiveX?

      1. Gene Cash Silver badge

        Don't forget Google

        And their Native Client, thus ensuring I will never use Chrome again. You'd think of all people, they'd know better. But apparently, they Know Better and no one can teach them otherwise.

    2. J. R. Hartley

      Bad request

      Your browser sent a request that this server could not understand.

  2. Anonymous Coward
    Anonymous Coward

    Now that I have spent ten years in hiding perfecting my Nimda worm, it is time to perfect the delivery vehicle. Sharks, with frikkin laser beams on their heads.

    1. mr.K
      Black Helicopters

      Don't panic!

      I am not panicking and I am calling homeland security.

    2. Armando 123


      Sir, we couldn't get the sharks. They're protected.

  3. Anonymous Coward
    Anonymous Coward


    It exploited a vulnerability in some MS software. Where have I heard that before?

  4. Anonymous Coward
    Anonymous Coward

    Remember it well...

    Although it was Code Red which caused all the trouble for my company.

    Luckily it was so unsubtle in its attempt to spread that we noticed the impact on the internal LAN performance and started investigating.

    The boss was so freaked out that he basically handed us techies a blank cheque to make sure nothing like this happened again and we finally got the multiple zone firewall we had been asking for.

    When Nimda joined shortly afterwards we were able to sit back and watch its attempts on the website logs. I remember still seeing attempts turning up in the logs only a few months ago!

  5. Wibble

    On the plus side...

    Whilst the numerous worms did some damage, they did have the effect of teaching Microsoft about security. Prior to that time, security was very much an add-on optional extra.

    Following the outbreak ISTR Gartner came off the fence and recommended that nobody implement IIS. This stung MIcrosoft so badly that they pulled Longhorn (which was probably going to be called XP Server) and had a root & branch code review, sending all their developers on security courses.

    Ten years on, servers and workstations are far more secure by default. Security onfiguration is turned on it's head where you have to have knowledge to turn it off, not as it used to be where you need to be an expert to turn it on.

    So maybe the authors of Nimda were being cruel to be kind?

    1. amanfromMars 1 Silver badge

      For Alien Life in LOVE* ..... and an Alien LOVE Life XSSXXXX CodedD for Dangerous and Volatile.

      "Ten years on, servers and workstations are far more secure by default. Security onfiguration is turned on it's head where you have to have knowledge to turn it off, not as it used to be where you need to be an expert to turn it on"

      Have you any idea how beautifully dangerous that it is and how vulnerable it renders you to remote virtual control of human machinery, with Perfectly Anonymous Legionnaires.

      *Live Operational Virtual Environments

      Control CyberSpace Administer Everything is a Simple Concept Easily Doable. Have you something Easily Doable which which can be added into AI as a Fabulous Attraction .......and Valued Prize Asset in a SMARTer MetaDataBase Mining Operation for MegaPowerful Source Core Lode to Novel Drivers in LOVE ..... with Command and Control and Sublime Administration.

  6. Anonymous Coward
    Anonymous Coward

    Of course he's still at large

    It's not like he murdered anyone or was caught doing something even more serious like sharing music files right?

    Nobody with money got their feelings hurt, so nobody (that can do anything) cares...

    1. Anonymous Coward
      Anonymous Coward


      There were millions of dollars/pounds spent world wide fixing the problem that he caused. Having said that, you post reads like a hissy-fit teenager, so I don't expect you to understand that taking servers down can cost money in terms of money not made. I, however remember a lot of overtime being done at the company I worked for at the time, in order to resolve the problems caused.

      Oh, and don't say it was MS' fault, they may have written the software with the bug, the author of the code is responsible for the exploitation of the problem.

      1. Anonymous Coward
        Anonymous Coward

        Here, let me lend you my dictionary.

        sarcasm (sar·casm). noun /ˈsärˌkazəm/

        1. The use of irony to mock or convey contempt

        * - his voice, hardened by sarcasm, could not hide his resentment

  7. Lord Lien

    This one & the ILOVEYOU...

    ... got me a shed load of overtime back in the day :)

    1. Winkypop Silver badge


      They filled the overtime gulf left after Y2K.

      Good time$$$$$

  8. Anonymous Coward
    Anonymous Coward

    Nimda ? Help get rid of n00b Windows admins

    There were so may crappy Windows admins out there at the time, I remember, that that was a wake-up call for a lot of businesses ... at the time I was working for Symantec and some calls we would get from admins were hilarious ... seriously, most had no feckin' idea!

    All these photoshop guru wannabees turned domain admins! An MCSE is still only a proof of cretinism in most "serious" businesses, you have to have "serious" admin certifications, like UNIX or GNU Linux ...

    1. Boris Winkle

      Symantec you say...

      Well you're right there then ar kid.

      They mustn't have any idea at all...

    2. Alfie

      them were the days...

      MCSE == Must Consult Someone Experienced

      1. William Towle


        > MCSE == Must Consult Someone Experienced

        I always liked "Minesweeper Consultant and Solitaire Expert".

        // YIK, there are probably some for the the linux equivalents as well

  9. This post has been deleted by a moderator

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2022