CERT: Nimda Reports Slowing Down
- By Scott Bekker
- September 24, 2001
Nimda worm-related activity is tapering off, according to the computer security watchdog group CERT.
"The CERT/CC continues to receive a steady stream of reports of W32/Nimda although the volume of reports has dropped significantly since it first appeared on [Sept. 18]," the group said in a statement on its Web site.
Nimda, formally called W32/Nimda@MM, is a sophisticated worm that wreaked havoc on computer networks last week.
The worm was able to infect Windows systems along several vectors.
According to CERT, Nimda could spread from client to client via e-mail, from client to client via open network shares, from Web server to client through browsing of compromised Web sites, from client to Web server by scanning for and exploiting old vulnerabilities in IIS 4.0 and IIS 5.0, and from client to Web server by scanning for back doors left behind by Code Red III and sadmind/IIS.
Scott Bekker is editor in chief of Redmond Channel Partner magazine.