Nettime mailing list archives

[Nettime-ro] new worm alert
calin on Wed, 19 Sep 2001 13:40:43 +0200 (CEST)




A new worm named W32/Nimda-A (known aliases are Nimda, Minda, Concept
V, Code Rainbow) began to proliferate the morning of September 18,
2001 on an extremely large scale that targets the Microsoft Windows

This worm takes advantage of multiple vulnerabilities and backdoors.
The worm spreads via e-mail and the web.  Through the e-mail vector,
the worm arrives in the user's inbox as a message with a variable
subject line.  The e-mail contains an attachment named 'readme.exe'.
This worm formats the e-mail in such a way as to take advantage of a
hole in older versions of Internet Explorer.  Outlook mail clients use
the Internet Explorer libraries to display HTML e-mail, so by
extension Outlook and Outlook Express are vulnerable as well, if
Internet Explorer is vulnerable.  The hole allows the readme.exe
program to execute automatically as soon as the e-mail is previewed or

Users of Internet Explorer and/or Outlook (Express) will need to apply
the latest security patches:

Microsoft Security Bulletin MS01-020

Microsoft Security Bulletin MS01-026

Microsoft Security Bulletin MS00-078

Microsoft IIS Lockdown Tool:

You can also dump Outlook and switch to a more secure mail client,
which is a better, and permanent solution, IMNSHO. :)

For more information, see the following antivirus vendor sites:

Symantec W32.Nimda.A@mm
http://www.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html

McAfee W32/Nimda@MM

Sophos W32/Nimda-A

Nettime-ro mailing list
Nettime-ro {AT} nettime.org
archive: http://extra.waag.org/pipermail/nettime-ro
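
A mail-gateway check for the e-mail vector described in the alert above, as an added example that is not part of the original message: it flags any attachment named readme.exe, any attachment with an executable extension, and any part whose decoded bytes start with the Windows "MZ" header whatever media type the message declares. The function name, the extension list and the sample message (including its declared media type) are constructed for illustration.

```python
import email
from email import policy

# Constructed sample message, not a real capture: the subject is arbitrary
# (the alert says it varies) and the attachment is named readme.exe.
SAMPLE = (
    "From: someone@example.org\r\n"
    "To: user@example.org\r\n"
    "Subject: xyz\r\n"
    "MIME-Version: 1.0\r\n"
    'Content-Type: multipart/mixed; boundary="b1"\r\n'
    "\r\n"
    "--b1\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body></body></html>\r\n"
    "--b1\r\n"
    'Content-Type: audio/x-wav; name="readme.exe"\r\n'
    "Content-Transfer-Encoding: base64\r\n"
    "\r\n"
    "TVqQAAMAAAA=\r\n"   # first 8 bytes of a PE file header ("MZ...")
    "--b1--\r\n"
)

# Assumed list of extensions to treat as executable; extend for your site.
EXEC_EXT = (".exe", ".com", ".scr", ".pif", ".bat")

def check_message(raw):
    """Return [(filename, [reasons])] for parts worth quarantining."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_filename() falls back to the Content-Type "name" parameter.
        name = (part.get_filename() or "").strip().lower()
        body = part.get_payload(decode=True) or b""
        reasons = []
        if name == "readme.exe":
            reasons.append("name matches the alert")
        if name.endswith(EXEC_EXT):
            reasons.append("executable extension")
        if body[:2] == b"MZ":  # trust the bytes, not the declared type
            reasons.append("MZ header, declared as " + part.get_content_type())
        if reasons:
            findings.append((name, reasons))
    return findings

if __name__ == "__main__":
    for fname, why in check_message(SAMPLE):
        print(fname, "->", "; ".join(why))
```

Filtering at the gateway complements the patches listed in the message; it does not replace them, since the alert notes the worm also spreads via the web.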