We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Worm:Win32/Nimda
Detected by Microsoft Defender Antivirus
Aliases: Win32/Nimda.worm.8279 (AhnLab) I-Worm/Nimda.CC (AVG) Win32.Runouce.C@mm (BitDefender) Net-Worm.Win32.Nimda (Kaspersky) Generic.dx (McAfee) W32.Chir.B@mm (Symantec) JS.Chir.B (VirusBuster)
Summary
Win32/Nimda is a family of worms that targets computers running certain versions of Microsoft Windows. The worm exploits the Windows vulnerability described in Microsoft Security Bulletin MS01-020 in order to spread by infecting Web-content documents and attaching itself to e-mails. The worm also spreads by infecting executable files and by copying itself to local folders, network shares, and remote computers through backdoors. The worm compromises security by sharing the C drive and creating a Guest account with administrator permissions.
Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft Safety Scanner (http://go.microsoft.com/fwlink/?LinkId=212742). For more information, see http://www.microsoft.com/protect/computer/viruses/vista.mspx.
Follow us
