Raising the Stakes: How NIMDA Represents an Increased Threat to the Integrity of Enterprise Networks

In the course of recovering from NIMDA, I found that a complete picture of NIMDA was elusive. The anti-virus companies, security information clearinghouses, and my colleagues seemed to be learning more about the virus with each passing day and each new source I explored seemed to bring some new feature to light, while missing some other features completely. After several long days, I was able to recover my network intact, but the experience left me in awe of this virus. Our network has been on the Internet since 1995 so I've seen my share of hacks and attacks, but NIMDA seemed, and still seems, different. Its comprehensiveness and persistence led me to understand that we are seeing a greater threat to the integrity of enterprise networks than ever before and that a solid and vigilant network security architecture has become an essential element of systems management. In this paper, I'd like to demonstrate this fact by reviewing just how dangerous and effective the NIMDA virus is, and how it represents a significant threat to the integrity of enterprise networks. My goal here is not to outline a series of steps for recovering from a NIMDA attack, but rather to discuss in some detail the features that make NIMDA so effective.