[email protected]

Aliases: I-Worm.Nimda, I-Worm.Nimda.E, Nimda, Nimda.c, Nimda.d
Variants: W32/[email protected], PE_NIMDA.A, I-Worm.Nimda, W32/Nimda-A, Win32.Nimda.A

Classification: Malware
Category: Computer Worm

Status: Dormant
Spreading: Fast
Geographical info: Europe, North and South America, and some parts of Asia and Australia
Removal: Easy
Platform: W32
Discovered: 18 Sep 2001
Damage: Medium

Characteristics: [email protected] is another member of mass-mailing worm family; the only difference is that it makes use of several methods to propagate itself. Reports say that there is no notable increase in its activities due to the re-activation of the emailing routine after its initial ten day sleep period.

More details about [email protected]

The method through which this worm propagates itself are the following: it sends itself by email, searches for open network shares, attempts to copy itself to un-patched or already vulnerable Microsoft IIS Web servers, and infects both local files and files on remote network shares. This may steal private information on the compromised computer. This information may lead to the hands of the black market. Confidential email messages and or usernames and passwords can also be sold in the Internet. The worm may also record keystrokes and take screenshots of your computer. It may also steal or change passwords and/or file password, credit card numbers, banking information and personal data.

This program allegedly tries to open up an access point in the system. It is through this access point that an intruder would be able to gain control of the infected computer. According to various reports, after the [email protected] program has created an access point, the hacker could start tampering with the affected computer. He could further aggravate the security of the system by turning off all of the security applications. It is possible for the intruder to monitor the activities of the user and even read his email messages.