At 05:27 PM 18/09/2001 -0700, you wrote:
>Can we avoid this virus by simply not
>opening "runnable" attachments such
>as EXE's, COM's etc...?
>
>Scott
I read that the worm uses several methods of propagating, and
has a custom header section that fools the computer into
thinking that the exe is a wav file etc.
--------------------
W32/Nimda.A@mm
--------------------
The worm W32/Nimda.A@mm is spreading very fast. It may arrive as an email
with the following characteristics:
Subject: None
Body: None
Attachment name: README.EXE
This worm may enter a computer in several ways - it will either be received
as an email with an attachment, over open shared drives in networks, and it
seems that it will also attempt to break into machines running the web
server software IIS (Internet Information Server), utilizing various
security holes well known. All IIS web server admins are encouraged to
patch up their web server to protect themselves. An accumulative patch for
IIS servers is available from:
http://www.microsoft.com/technet/security/bulletin/MS01-044.asp
When the infected file is run, it will copy itself to the system directory
as a hidden file called LOAD.EXE. This file is called from the file
SYSTEM.INI so that it is run from startup.
Norman researchers are continuing to examine the worm and will be posting a
more detailed description of the worm on the Norman web site once the
analysis is complete.
Norman Virus Control with definitions files from September 18th or later
detects this worm. Users are encouraged to update their Norman Virus
Control protection to the most recent version.
More information on http://www.norman.com.au
Safe Computing
The Norman Team
Capital Security Solutions.
Warmest regards,
Tom Grimshaw
coy: Just For You Software
tel: 612 9552 3311
fax: 612 9566 2164
mobile: 0414 675 903
post: PO Box 470 Glebe NSW 2037 Australia
street: 3/66 Wentworth Park Rd Glebe NSW 2037
email: [EMAIL PROTECTED]
web: www.just4usoftware.com.au
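Added example, not part of the original email or the Norman advisory: a mail-gateway style check for the trait mentioned above, an attachment whose filename is an executable while its MIME header declares an audio type. The extension list, the audio/x-wav content type, the addresses and the sample message are assumptions constructed for illustration.

```python
import email
import os
from email import policy

# Extensions treated as directly runnable on Windows (assumed list for this example).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat"}

# Constructed sample message, not a captured one: empty subject and body, plus a
# part declared as audio/x-wav whose filename ends in .EXE.
SAMPLE = """\
From: sender@example.com
To: rcpt@example.com
Subject:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain


--b1
Content-Type: audio/x-wav; name="README.EXE"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="README.EXE"

TVqQAAMAAAAEAAAA
--b1--
"""

def suspicious_parts(raw):
    """Return one finding per attachment that has an executable filename."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_filename() falls back to the Content-Type "name" parameter.
        name = (part.get_filename() or "").lower()
        if os.path.splitext(name)[1] not in EXECUTABLE_EXTS:
            continue
        ctype = part.get_content_type()
        payload = part.get_payload(decode=True) or b""
        findings.append({
            "filename": name,
            "declared_type": ctype,
            # The header claims something other than a program.
            "type_mismatch": not ctype.startswith("application/"),
            # DOS/PE executables start with the bytes "MZ".
            "mz_header": payload[:2] == b"MZ",
        })
    return findings
```

A gateway would quarantine any message for which this returns a finding, and treat type_mismatch as the stronger signal because a client that trusts the declared type may handle the part as audio.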