The Nimda Virus
One of the most complex and dangerous viruses ever was the Nimda virus, in September 2001. Nimda became the most widespread virus in the world a mere 22 minutes after it was released. Nimda was as powerful as it was because it knew so many different ways of infecting a system. First, it spread itself through email, with a built-in SMTP routine. It would search the infected hard drive for email addresses and send itself to them. It used a bug in Microsoft Outlook that would cause the system to be infected just by viewing the email.
Second, it checked for shared network drives. Any time it found a drive that it could write itself to, it scattered copies of itself all across the drive. These files were often the first sign that a system on the network was infected. Third, it would attempt to infect web servers through several different known bugs. Any server that wasn’t completely up to date on patches was in danger of infection.
Fourth, once the server was infected, it would infect web sites. Any visitor to an infected site could be infected, depending on IE security settings. And, since it was attacking from the server, it could find it’s way to corporate intranet sites, not just public internet sites. And finally, it would attempt to infect any systems that had previously been attacked by either the Code Red II or the Sadmind viruses. Both viruses opened security holes on the systems they infected, and Nimda would try to use them. Nimda set records for virus tactics. It sent emails that infected on viewing, and put copies of those emails on network drives in the hopes that someone would open them and infect their system. It infected via website, and it even infected servers. Nimda was an ingenious and vicious program that was difficult to destroy.
Computer Macro Articles
Computer Macro Books