PE_NIMDA.E - Description and solution

TrendLabs Malware Blog

Glossary

TrendWatch

TrendLabs Twitter

PE_NIMDA.E

Overview

Solution

Technical Details

Malware type: Worm

Aliases: Net-Worm.Win32.Nimda.e (Kaspersky), W32/Nimda.gen@MM (McAfee), W32.Nimda.E@mm (Symantec), W32/Nimda (Avira), W32/Nimda-D (Sophos),

In the wild: Yes

Destructive: Yes

Language: English

Platform: Windows

Encrypted: No

Overall risk rating:

Reported infections:
Damage potential:		High
Distribution potential:		High

Description:

PE_NIMDA.E is a fast-spreading Internet worm and file infector that arrives via email, as an attachment called SAMPLE.EXE. It employs several infection mechanisms and exploits several known vulnerabilities. Similar to the original variant, PE_NIMDA.A, it has four modes of propagation: through email, through network shared drives, through unpatched IIS servers, and through file infection.

The main difference beween this variant and PE_NIMDA.A are the names of three of its dropped files. However, similar to the original variant, the name of the dropped executables are names of valid system files.

For additional information about this threat, see:
Solution
Technical Details

Description created: Oct. 29, 2001 3:30:00 PM GMT -0800
Description updated: Oct. 31, 2001 10:55:00 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.