The attachment is now sample.exe The dropped dll is httpodbc.dll Worm is dropped into system directory as csrss.exe (was mmc.exe).
McAfee says it will be detected by existing DAT patterns. Phil --------------------------------------------- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: Martin Blackstone [mailto:[EMAIL PROTECTED]] > Sent: 30 October 2001 13:09 > To: Exchange Discussions > Subject: FW: Trend Micro Medium Risk Virus Alert - PE_NIMDA.E > > > FYI.... > > -----Original Message----- > From: Trend Virus Info [mailto:[EMAIL PROTECTED]] > Sent: Monday, October 29, 2001 10:04 PM > To: Martin Blackstone > Subject: Trend Micro Medium Risk Virus Alert - PE_NIMDA.E > > > Trend Micro Medium Risk Virus Alert - PE_NIMDA.E > > Dear Trend Micro Customer: > > PE_NIMDA.E is a fast-spreading Internet worm and file infector that > arrives via email, as an attachment called SAMPLE.EXE. It employs > various infection mechanisms and exploits several known > vulnerabilities. > > > Like the original variant, PE_NIMDA.A, it has four modes of > propagation: > through email, through network shared drives, through un-patched IIS > servers, and through file infection. > > The main difference between this variant and PE_NIMDA.A are > the names of > three of its dropped files. However, similar to the original variant, > the names of the dropped executables are names of valid system files. > > PE_NIMDA.E is detected by pattern file #161 or #961. > > For more information on PE_NIMDA.E please visit our Web site at: > http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName =PE_NIMDAE ************************************************************************ ************** You are receiving this email from Trend Micro, because you have either downloaded a Trend Micro product or have signed up for our "Virus Alerts." If you would like to change the way you receive email from Trend Micro please make changes in your account page at http://www.antivirus.com/subscriptions/default.asp?email=mblackstone@sup erioraccess.net To UNSUBSCRIBE go to: http://www.antivirus.com/subscriptions/default.asp?format=unsubscribe For questions regarding viruses, please contact the Virus Doctor at [EMAIL PROTECTED] For questions regarding products, please contact Tech Support at [EMAIL PROTECTED] ************************************************************************ *************** _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]