.... Internet marketing resources, ecommerce web site design tutorials
  Taming the Beast - quality web marketing and ecommerce development services .... .


Return to web marketing and ecommerce articles index

Articles - A lesson called Nimda

A lesson called Nimda - the implications - September 20 2001

A virus you can get just by visiting a web page... yeh, right...

But then it happened. 

A web master and surfer's nightmare became real.

I visited one of my regular destinations after receiving various notifications from associates regarding a new, particularly nasty virus. I clicked refresh on the browser toolbar and Norton's AV jumped up on my screen (thankfully) to warn me it had intercepted the Nimda virus, aka W32.Nimda.A@mm.

Nimda has brought down many servers in our area. The global cost will be huge. As I type this article, my firewall, which has been very active over the last couple of months thanks to the many servers that are infected with Code Red, is going absolutely insane. A few months ago, I would get pretty uptight if I had 10 probe warnings in a day, most of them caused by "Script Kiddies" (see Related Articles at the end of this article). Now I'm getting that in a few minutes at times - thanks to a combination of Nimda and Code Red. While these probes are harmless to my machine, it is slowing the Internet down as these viruses broadcast looking for other servers to compromise.

So it's happened. What is this the precursor to? The virus contains the string : Concept Virus (CV) V.5, Copyright (C) 2001 R.P.China. The term "Concept Virus" may suggest that someone was testing the waters for something bigger and better. Whether it is from China or not is immaterial, all I know is that this virus is not a sign of good things to come.

What makes the writer of this virus an even sicker human being in my opinion is the fact that Nimda was released one week to the day of the World Trade Center terrorist attack in America. The Internet has provided a valuable line of communications during this time for many people wanting information on the progress of the investigation and the global implications. Many others stayed glued to their monitors hoping to find some news of loved ones. And then some psycho decides to slow down the Internet... good one you freak, whoever you are! I hope you are caught, publicly humiliated and then locked up for the rest of your life!

Rumours have sprung up as to the intentions of this virus, but I will not discuss that here, there is enough unrest in the world at present. At this point in time, none of the rumours have any foundation in fact, it's all merely speculation.

The facts of the situation are that:

- You can "catch" this virus through visiting a site that is hosted on an infected server. The virus process adds Javascript code to pages on a compromised server, which opens a new browser window containing an infectious email message as soon as your browser calls for the page. You can avoid infection by disabling active scripting in Internet Explorer. Please note that by doing this you will also have problems in accessing sites using Javascript and VBscript, which will impair their functionality and in some cases render them useless when viewed in your browser.

According to CERT:

"If you are running a vulnerable version of Internet Explorer (IE), the CERT/CC recommends upgrading to at least version 5.0 since older versions are no longer officially maintained by Microsoft. Users of IE 5.0 and above are encourage to apply patch for the "Automatic Execution of Embedded MIME Types" vulnerability available from Microsoft at

http://www.microsoft.com/technet/ security/bulletin/MS01-020.asp"

Microsoft encourages users of IE 5.01 and 5.5 to use patches available from:

Internet Explorer 5.01
http://www.microsoft.com/windows/ie/ download/critical/q295106/default.asp

Internet Explorer 5.5
http://www.microsoft.com/windows/ie/ download/critical/q299618/default.asp 

- The virus can be transmitted via email, from what I can gather at this stage, it seems to be confined to Microsoft Outlook & Outlook Express users. Be extremely wary of any attachments, and I suggest sending all your email in plain text instead of html and encourage others communicating with you to do the same.

- Nimda infects Windows based servers with certain vulnerabilities. Once a server is infected, it then looks for other servers.

- When a server is infected, it tries to spread itself through network shares.

What is certain is that gone are the days of cruising the net without your anti virus program in "paranoid" mode. Up until a few days ago, I would only run my AV software on files I downloaded, or to check email attachments. The overhead caused on computer systems by running AV software is pretty chronic. It slows things down. I was careful, so I felt I didn't have to worry. Not any more! I'm just thankful that my business systems were not infected. I am also lucky that my sites are not hosted on Windows based servers, which are popular targets for virus writers.

The other issue that is created by this situation is from a legal aspect. Nimda may set a precedent. 


Company A has many business dealings with Company B. Staff of Company A visit Company B's web site regularly. Company B is infected with Nimda. Company A becomes infected after visiting Company B's site; their systems are taken off line for 3 days - the company sustains financial losses as their communications are effected and the whole IT team is deployed to deal with the situation.

Could Company A successfully sue Company B?

RoboForm: Free Password Manager

Free Password Manager
Roboform is a top-rated Password Manager - PC Magazine Editor's Choice, & CNET Download.com's Software of the Year. Encrypt passwords using AES, Blowfish, RC6, 3-DES or 1-DES algorithms Free software download!

It's probably time all of us who run web sites revise our "terms of use" and "disclaimer" notices.....it's definitely time to ensure that our AV scanners are up to date with the latest virus signature files.

What a wonderful world... 

Related articles:

Nimda Alert: 
http://www.tamingthebeast.net/articles/ nimdavirus.htm

Site and Email Disclaimers: 
http://www.tamingthebeast.net/articles/ legaldisclaimer.htm

Script Kiddies, Vermin of the Internet: 
http://www.tamingthebeast.net/articles/ scriptkiddies.htm

Virus resources:

The SANS Institute: http://www.incidents.org
Computer Associates: http://ca.com/virusinfo/ 
Nortons (Symantec): http://www.symantec.com/ 
McAffee: http://www.mcaffee.com/
CERT: http://www.cert.org/advisories/ CA-2001-26.html

Michael Bloch
Taming the Beast
Tutorials, web content, tools and software.
Web Marketing, Internet Development & Ecommerce Resources

Copyright information.... This article is free for reproduction but must be reproduced in its entirety & this copyright statement must be included. Visit http://www.tamingthebeast.net  for free Internet marketing and web development articles, tutorials and tools! Subscribe for free to our popular ecommerce/web design ezine!

Click here to view article index 

Online meeting & webinar software review
Powerful, easy to use collaboration tools that can help improve your marketing sales and training efforts. Learn more about these services in this review & try a free trial!

The best shopping cart software
Our reviews of some of the best shopping carts around - free ecommerce solutions  through to premium services offering affiliate programs, marketing modules & online soft goods delivery.  Shopping cart software guide 

Autoresponder software/mailing list manager
 Read our beginners guide and reviews of all-in-one autoresponder & email marketing software solutions.

Credit card transaction fraud screening!  Effective fraud screening is an essential part of running an online businesses. Fraud transactions cost you money and can threaten your merchant account. Pick up a stack of transaction screening tips in this free guide! 

Need some advice/tools for writing/creating a web design, development or marketing proposal?






Get paid cash taking online surveys - free to join online 
survey companies that will pay you cash for your opinion!

In Loving Memory - Mignon Ann Bloch

copyright (c) 1999-2011  Taming the Beast  Adelaide - South Australia 

Profile - Contact - Privacy - Consultants Portfolio 

Search Site - Terms of Service - Social/environmental