Thanks. It's killing us. NAI seems to have numerous updates, as well as MS. 
Some get fixed, some don't. Half the network is down due to this bad boy. Be 
careful with this one, especially software companies running IIS.


>From: "Zangara, Jim" <[EMAIL PROTECTED]>
>Reply-To: "MS-Exchange Admin Issues" 
><[EMAIL PROTECTED]>
>To: "MS-Exchange Admin Issues" <[EMAIL PROTECTED]>
>Subject: RE: New Virus Alert
>Date: Tue, 18 Sep 2001 10:47:03 -0700
>
>W32/Nimda.A@mm  - just came in from antigen.
>
>
>Virus Name:
>-------------------
>W32/Nimda.A@mm
>
>
>Alias:
>-------------------
>W32/Nimda-A
>W32/Nimda-mm
>
>
>
>E-mail Subject:
>-------------------
>None
>
>
>
>E-mail Body:
>-------------------
>None
>
>
>E-mail Attachments:
>-------------------
>README.EXE
>
>
>Description:
>-------------------
>This worm will enter a computer in one out of possibly two ways - it will
>either be received as an email with an attachment, and it seems that it will
>also attempt to break into machines running the web server software IIS
>(Internet Information Server), through a security hole known as a "directory
>traversal exploit".
>When the file is run, it will copy itself to the system directory as a
>hidden file called LOAD.EXE. This file is called from the file SYSTEM.INI so
>that it is run from startup.
>
>
>At the Present time a Filter Rule for : Readme.exe (all types) will remove
>this from your email server
>
>We will be releasing AV Engine Updates when they are made available.
>
>Thank You,
>
>Sybari Software, Inc.
>
>
>Jim Zangara, MCSE+I
>Special Projects Engineer
>Premiere Radio Networks
>A Division of Clear Channel Communications
>15260 Ventura Blvd Suite 500
>Sherman Oaks, CA 91403
>Direct: (818) 461-8620
>mailto:[EMAIL PROTECTED]
>
>
>
>
>-----Original Message-----
>From: Lance -a-lot [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, September 18, 2001 9:51 AM
>To: MS-Exchange Admin Issues
>Subject: Re: New Virus Alert
>
>
>Do you know the name of the virus?
>
>
> >From: "Zangara, Jim" <[EMAIL PROTECTED]>
> >Reply-To: "MS-Exchange Admin Issues"
> ><[EMAIL PROTECTED]>
> >To: "MS-Exchange Admin Issues" <[EMAIL PROTECTED]>
> >Subject: New Virus Alert
> >Date: Tue, 18 Sep 2001 09:32:37 -0700
> >
> >Hey folks we are getting nailed by this new virus - we had already
> >blocked the exe extension but there are two new extensions causing the
> >windows media player to start - and share your C drive and propagate
> >itself.  We are now blocking the *.EML and *.NWS per Antigen.
> >
> >Just wanted to spread the word - not the virus :)
> >
> >Good luck.
> >
> >Jim Zangara, MCSE+I
> >Special Projects Engineer
> >Premiere Radio Networks
> >A Division of Clear Channel Communications
> >15260 Ventura Blvd Suite 500
> >Sherman Oaks, CA 91403
> >Direct: (818) 461-8620
> >mailto:[EMAIL PROTECTED]
> >
> >-----Original Message-----
> >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> >Sent: Tuesday, September 18, 2001 9:21 AM
> >To: Zangara, Jim
> >Subject: Re: (ROB)RE: Antigen
> >
> >
> >
> >Jim,
> >
 >Here is a copy of what Sophos is saying in case you have not seen this
> >yet:
> >
> >Name: W32/Nimda-A
> >Type: W32 executable file virus
> >Date: 18 September 2001
> >
> >A virus identity file (IDE) which provides protection is available now
> >from our website and will be incorporated into the November 2001 (3.51)
> >release of Sophos Anti-Virus.
> >
> >Sophos has received many reports of this virus from the wild.
> >
> >Description:
> >
> >W32/Nimda-A is an email-aware virus that spreads using an attached
> >filename of README.EXE.
> >
 >Sophos researchers are continuing to examine the virus and will be posting a
 >more detailed description of the virus on the Sophos website once the
 >analysis is complete.
> >
> >
> >Use the file filter that I told you about earlier, README.EXE on all
> >file types.
> >
> >Robert McCarthy
> >Sybari Software, Inc.
> >E-mail: [EMAIL PROTECTED]
> >Phone:  631-630-8500 Option # 23
> >http://www.sybari.com
> >
> >Please respond to [EMAIL PROTECTED]
> >
> >
> >List Charter and FAQ at:
> >http://www.sunbelt-software.com/exchange_list_charter.htm
> >
>
>
>
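
The file filter described in the thread (README.EXE on all file types, plus *.EML and *.NWS), as an added example that is not part of the original messages and is not Antigen's implementation. The function names, addresses and attachment payloads are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Filter rules taken from the thread: README.EXE on all file types,
# plus the *.EML and *.NWS extensions blocked per Antigen.
BLOCKED_NAMES = {"readme.exe"}
BLOCKED_EXTENSIONS = {".eml", ".nws"}


def blocked_attachments(raw_message: bytes) -> list[str]:
    """Return filenames of MIME parts that match the filter rules.

    Matching is on the attachment name only, never on the declared
    Content-Type, which is what "all types" means in the thread.
    """
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # also descends into nested multiparts
        filename = part.get_filename()
        if not filename:
            continue
        # Drop any path component, then trailing dots and spaces, which
        # Windows ignores when the file is saved or opened.
        name = filename.replace("\\", "/").rsplit("/", 1)[-1]
        name = name.strip().rstrip(". ").lower()
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        if name in BLOCKED_NAMES or ext in BLOCKED_EXTENSIONS:
            hits.append(filename)
    return hits


def build_sample() -> bytes:
    """Constructed test message (not a captured sample); payloads are inert."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "admin@example.com"
    msg.set_content("test body")
    # The name matches the rule even though the declared type is audio.
    msg.add_attachment(b"inert", maintype="audio", subtype="x-wav",
                       filename="README.EXE")
    msg.add_attachment(b"inert", maintype="application",
                       subtype="octet-stream", filename="notes.NWS")
    msg.add_attachment(b"inert", maintype="application", subtype="pdf",
                       filename="report.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    print(blocked_attachments(build_sample()))
```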

