But the name "Nimda" is of no import. It was picked by the anti-virus people, not by the writer of the worm. In fact, in one of the later Nimda releases, the author of the worm objects to his work being called Nimda; he apparently named it Concept Virus, or CV. (As I recall, there was an earlier virus that had been called Concept Virus, which is why a new name was assigned to this one.)
September 18, 2003
Kaspersky Labs, a leading information security expert, announces the detection of the network worm, I-Worm.Swen. This malicious program spreads via email, the Kazaa file sharing network and IRC channels.
The worm, which goes by a variety of names, including Swen, W32/Swen@MM, Gibe, and W32/Gibe-F, can pose as an e-mail from Microsoft bearing a bogus security update as a file attachment.
October 9, 2003
Two additional variants of this worm have been received by AVERT, created by minor edits of certain strings within the initial worm, and subsequent packing with UPX. Both are already detected as virus or variant W32/Swen@MM with the 4294 DATs or greater. Exact identification of the first (as W32/Swen@MM) was included in the 4297 DATs. Exact identification of the latter will be included in the 4298 DATs. Both of these variants have a file size of 52,224 bytes.
When first launched, the worm accesses the following remote website:
http://ww2.fce.vutbr.cz/bin/counter.gif/link=bacillus&width=6&set=cnt006