Subject: | |
From: | |
Reply To: | |
Date: | Tue, 18 Sep 2001 15:32:33 -0400 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
W32.Nimda.A@mm
Discovered on: September 18, 2001
Last Updated on: September 18, 2001 at 11:47:40 AM PDT
Symantec Security Response has received a number of submissions on
W32.Nimda.A.@mm and is rating it as a Category 4.
W32.Nimda.A@mm is a new mass-mailing worm that utilizes multiple methods
to spread itself. The worm sends itself out by email, searches for open
network shares, and attempts to copy itself to unpatched Microsoft IIS
web servers. The worm does this using the Unicode Web Traversal exploit.
A patch and information regarding this exploit can be found at
http://www.microsoft.com/technet/security/bulletin/ms00-078.asp.
Users visiting compromised web servers will be prompted to download an
.EML (Outlook Express) email file, which contains the worm as an
attachment.
Also, the worm will create an open network share on the infected machine
allowing access to the system.
Type: Worm
Infection Length: 57344
Virus Definitions: September 18, 2001
VICUG-L is the Visually Impaired Computer User Group List.
To join or leave the list, send a message to
[log in to unmask] In the body of the message, simply type
"subscribe vicug-l" or "unsubscribe vicug-l" without the quotations.
VICUG-L is archived on the World Wide Web at
http://maelstrom.stjohns.edu/archives/vicug-l.html
|
|
|