Symantec Security Response - W32.Nimda.D@mm
http://securityresponse.symantec.com

Discovered on: October 29, 2001
Last Updated on: October 29, 2001 at 07:00:35 AM PST

W32.Nimda.D@mm is a new version of W32.Nimda.A@mm that contains bug fixes and modifications to avoid previous anti-virus detection. This worm is similar in functionality to W32.Nimda.A@mm. Differences include the modification of filenames used by the worm:

- The attachment received has been changed to sample.exe
- The dropped DLL file is now httpodbc.dll
- The worm now copies itself to the Windows System directory as csrss.exe instead of mmc.exe

Infected HTML files are already detected as W32.Nimda.A@mm (html).

Type: Virus, Worm
Virus Definitions: October 29, 2001

Threat Assessment:
  Wild: Low
  Damage: Medium
  Distribution: High

Wild:
  Number of infections: 0 - 49
  Number of sites: 0 - 2
  Geographical distribution: Low
  Threat containment: Easy
  Removal: Moderate

Damage:
  Payload:
    Large scale e-mailing: Emails itself out as sample.exe
    Degrades performance: May cause system slowdown
    Compromises security settings: Creates open network shares

Distribution:
  Name of attachment: sample.exe (this file may not be visible)
  Shared drives: Infects open network shares
  Target of infection: Specifically attempts to infect unpatched IIS servers

Write-up by: Eric Chien