----- Original Message -----
From: "Solomon Eisenberg" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, September 18, 2001 4:29 PM
Subject: New Virus Warning
> Hey guys...I pulled this off of CNN.com after the company I work at got
> infected. It's a bad one. All you need to do is visit an infected
website
> to get it.
>
> A girl here downloaded a song it was attached to from morpheous and
> imediatly every computer on our network was also infected. Shitty thing is
> that there is no fix for it yet...
>
> WASHINGTON (CNN) -- The FBI is investigating a new computer worm that
> surfaced Tuesday and is considered so aggressive that computer security
> experts urged people not to surf the Web until they have updated their
> antivirus programs.
>
> Internet users could infect their computers simply by visiting an infected
> Web page, experts warned. What's unusual about this worm, dubbed "Nimda,"
is
> that it can be activated in many different ways. Nimda can be triggered
> through some well-known actions, such as clicking on an e-mail attachment
or
> running an executable program. The ability to spread through a compromised
> Web page is unusual.
>
> But some aspects of this worm should serve as red flags.
>
> "An e-mail with gibberish in the subject line, or an attachment on a blank
> e-mail just about cries out, 'Hey, open me, I'm a virus," Steve Demogines,
> director of tech support for Panda Software, told CNN on Tuesday.
>
> The FBI's National Infrastructure Protection Center is investigating the
> case with the cooperation of industry organizations, officials told CNN.
One
> federal law enforcement official said there was no indication the worm may
> be related to terrorism, but that it was too early to know the origin of
the
> Internet attack. The worm was first reported about 9 a.m. EDT from a site
in
> Norway, Vincent Gullotto, head virus fighter at McAffee.com, told The
> Associated Press.
>
> "Nimda" is similar to "Code Red," but security experts warned it could do
> more damage because it is more likely to affect more computers. "Code Red
"
> attacked only servers and through only one security hole.
>
> By comparison, the new worm can affect any desktop computer or server
> running Microsoft Windows software, said Peter Tippett, of the computer
> security firm TruSecure. It exploits a flaw in the e-mail program Outlook
> Express and it tries to wriggle in through 16 known vulnerabilities in
> Microsoft's Internet Information Services software (IIS) 4 or 5, including
> the security hole "Code Red II" left in some computers.
>
> "Nimda" may masquerade as a sound or .wav file. When a user opens the
> underlying file, called "readme.exe," the program opens the computer's
hard
> drive, allowing the computer to be accessed by third parties via the
> Internet, explained Dan Ingevaldson, of Internet Security Systems. The
worm
> can also e-mail itself to everyone in the user's computer-based address
> book. Ingevaldson said experts are still trying to determine whether the
> worm directly harms hard drives.
>
> Demogines of Panda Software said the problems seen as of Tuesday relates
to
> productivity rather than any specific destruction of files.
>
> "Customers' servers are bogged down, their executables are not working,
they
> can't get to their files, which means they basically can't do their work,"
> he told CNN.
>
> Last week, after the terrorist attacks on the World Trade Center and
> Pentagon, the FBI warned there could be an increase in hacking incidents.
> The agency urged computer users to update antivirus software and security
> patches and to be cautious online.
>
> The Associated Press & Reuters contributed to this report.
>
>
>
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
>
>
