calin on Wed, 19 Sep 2001 13:40:43 +0200 (CEST)



[Nettime-ro] new worm alert


Hi,

A new worm named W32/Nimda-A (known aliases are Nimda, Minda, Concept
V, Code Rainbow), which targets the Microsoft Windows platform, began
to proliferate on an extremely large scale on the morning of
September 18, 2001.

This worm takes advantage of multiple vulnerabilities and backdoors.
The worm spreads via e-mail and the web.  Through the e-mail vector,
the worm arrives in the user's inbox as a message with a variable
subject line.  The e-mail contains an attachment named 'readme.exe'.
This worm formats the e-mail in such a way as to take advantage of a
hole in older versions of Internet Explorer.  Outlook mail clients use
the Internet Explorer libraries to display HTML e-mail, so by
extension Outlook and Outlook Express are vulnerable as well, if
Internet Explorer is vulnerable.  The hole allows the readme.exe
program to execute automatically as soon as the e-mail is previewed or
read.

Users of Internet Explorer and/or Outlook (Express) will need to apply
the latest security patches:

Microsoft Security Bulletin MS01-020
http://www.microsoft.com/technet/security/bulletin/MS01-020.asp

Microsoft Security Bulletin MS01-026
http://www.microsoft.com/technet/security/bulletin/MS01-026.asp

Microsoft Security Bulletin MS00-078
http://www.microsoft.com/technet/security/bulletin/MS00-078.asp

Microsoft IIS Lockdown Tool:
http://www.microsoft.com/technet/itsolutions/security/tools/locktool.asp

You can also dump Outlook and switch to a more secure mail client,
which is a better, and permanent solution, IMNSHO. :)

For more information, see the following antivirus vendor sites:

Symantec W32.Nimda.A@mm
http://www.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html

McAfee W32/Nimda@MM
http://vil.nai.com/vil/virusSummary.asp?virus_k=99209

Sophos W32/Nimda-A
http://www.sophos.com/virusinfo/analyses/w32nimdaa.html



_______________________________________________
Nettime-ro mailing list
Nettime-ro@nettime.org
http://extra.waag.org/mailman/listinfo/nettime-ro
archive: http://extra.waag.org/pipermail/nettime-ro
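
A gateway-side check for the e-mail vector described in the alert above, added here as an example and not part of the original message: it walks the MIME parts of a message and flags executable attachments, noting when the declared content type disagrees with the file extension and when an HTML body is present. The extension list, the accepted program types and the sample message are constructed assumptions.

```python
import email
import os

# Constructed, non-exhaustive list of extensions Windows will run directly.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs"}
# Declared MIME types that are honest about carrying a program (assumption).
PROGRAM_TYPES = {"application/octet-stream", "application/x-msdownload"}


def suspicious_parts(raw_message: bytes):
    """Return (filename, declared_type, reasons) for each risky MIME part."""
    msg = email.message_from_bytes(raw_message)
    has_html = any(p.get_content_type() == "text/html" for p in msg.walk())
    findings = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition filename, else Content-Type name
        name = part.get_filename()
        if not name:
            continue
        lowered = name.strip().lower()
        if os.path.splitext(lowered)[1] not in EXECUTABLE_EXTS:
            continue
        ctype = part.get_content_type()
        reasons = ["executable attachment"]
        if ctype not in PROGRAM_TYPES:
            reasons.append("declared type does not match extension")
        if has_html:
            reasons.append("HTML body present, rendered by the mail client")
        if lowered == "readme.exe":
            reasons.append("attachment name given in the alert")
        findings.append((name, ctype, reasons))
    return findings


# Constructed sample: placeholder payload bytes, shaped like the mail described above.
SAMPLE = (
    b"From: sender@example.com\r\nTo: user@example.com\r\n"
    b"Subject: constructed sample\r\nMIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="B"\r\n\r\n'
    b"--B\r\nContent-Type: text/html\r\n\r\n<html><body>hello</body></html>\r\n"
    b'--B\r\nContent-Type: audio/x-wav; name="readme.exe"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\nAAAA\r\n--B--\r\n"
)

if __name__ == "__main__":
    for name, ctype, reasons in suspicious_parts(SAMPLE):
        print(f"{name} ({ctype}): " + "; ".join(reasons))
```

A filter like this complements the patches listed in the message; it does not replace them.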