I believe I sent this out a while back. And totally agree, even today many servers out there are still infected with Nimda. Since the 3rd release I believe Microsoft has moved IE5.5sp2 into their critical updates section. Everyone be sure to be up to IE5.5sp2 to cover MS's mime/type exploit. Regardless of what web server software you run, if you visit a Nimda infected web site and are not at IE5.5sp2 your browser will download and execute the virus without any notification. We have tested this quite a bit on some "Off Network Machines". Not sure how to explain when you get it, but you will notice something strangely launched from your browser and your HD will start beating pretty good.

If you do happen to get the virus or simply want to check your machine for kicks and giggles to feel safe, we have a link on our site to a NAI "command line / no install" nimda scanner and cleaner. This has worked very successfully in removing the virus from all of our found IIS boxes, and even nicer on those machines that you really don't want or need permanent virus software.

Hopefully if I get some free time I would like to put together a security section to cover some of the MS patch links for IIS, DNS, etc etc, and advice to our customers for OE configuration. I would also hope that everyone followed James' previous posting on how to block the readme attachments with routing rules. It has proved very effective as well.
http://www.cnsonline.com Under tools/help.

Danny

On 20/Oct/2001 19:13:28, Mercedes wrote:
> According to well-meaning sources, the Nimda virus will break out tomorrow (Friday).
> According to this, tomorrow at 2am(c.s.t) Nimda is
> scheduled to unleash on email tomorrow..
>
> All be sure you are at IE5.01 SP2 or IE5.5 SP2 and make sure
> if using Outlook Express, is patched to not allow attachments
> to execute automatically. (I would recommend turning off option
> to mark messages read after (x) seconds.
>
> Researchers say Nimda set to propagate again
>
> By Deborah Radcliff, Computerworld online
> September 27, 2001 10:52 am PT
>
> RESEARCHERS HAVE DISCOVERED a third vector to the Nimda worm, which is set to propagate again through e-mail at 1 a.m. ET Friday.
>
> "We rechecked the code base to Nimda, and we found a code set that is supposed to respread Nimda through e-mail systems starting 10 days after machines were first infected," said Oliver Friedrichs, director of engineering at the Attack Registry and Intelligence Service. That service is sponsored by SecurityFocus, a business security firm in San Mateo, Calif.
>
> Ten days after first infecting machines, the worm will attempt to respread itself through readme.exe attachments, with the same payload as its original mail-based infection.
>
> The impact could be significant or minute, depending on how well the IT community has cleaned systems and patched Microsoft IIS (Internet Information Server) and Outlook programs. The 10-day vector will likely be less severe than Nimda was the first time because more systems have been patched against the vulnerabilities, Friedrichs said.
>
> But because Nimda has spread itself to so many places on computers, networked systems may not have been cleaned enough to prevent widespread mailings of the virus. Therefore, Friedrichs advised IT managers to do the following:
>
> -- Double-check their patches.
>
> -- Make sure their anti-virus software blocks Nimda.
>
> -- Block executable files at the e-mail gateway.
>
> -- Alert users not to preview or open any attachments that say readme.exe.
>
> =======================================================================
> Unfortunately we did not have the time to translate this for you.
>
> _______________________________________________________
> Alert Systems Project
> _______________________________________________________
> Powered by Sambar Webmail - http://www.sambar.com
>
> ============================================================
> The Alert Newsletter is a publication of Alert Systems Project and is distributed free of charge to registered members.
>
> The utmost care is taken with this publication. Still, it can happen that the information reaches you later. Often the cause is that further details on the reported information, which are relevant to you, are still coming in through our sources.
>
> The publication is free of copyright and may be passed on to friends and/or acquaintances. We do ask that you mention our link http://www.n-i-herders.nl when passing it on to third parties.
> ============================================================
> If you do NOT want to receive the Newsletter any more:
> send an empty message to [EMAIL PROTECTED] with the subject: UNSUBSCRIBE (nothing more)
> you will then be removed from the mailing list.
> To subscribe, do the same as above but with the subject: SUBSCRIBE
>
> --------------------------------------------------------------------------------
> For unsubscription of this list send an email to [EMAIL PROTECTED] with email
> data containing unsubscribe emailadd sambar
> --------------------------------------------------------------------------------
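The gateway-side check recommended in the quoted article ("Block executable files at the e-mail gateway"), as an added example that is not part of the original thread or any mail server's own code. The extension list, the function names and the sample message are assumptions constructed for illustration; the sample carries harmless placeholder bytes.

```python
import email
import os
from email import policy

# Assumed block list for illustration; tune to local policy.
BLOCKED_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs"}
# Declared types a mail client may render or play without prompting the user.
PASSIVE_TYPES = ("audio/", "image/", "video/", "text/")

def scan_message(raw: bytes):
    """Return (filename, reason) for every attachment the gateway should reject."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_filename() reads Content-Disposition "filename" and falls back
        # to the Content-Type "name" parameter, so both spellings are covered.
        name = part.get_filename() or ""
        ext = os.path.splitext(name.strip().rstrip(". ").lower())[1]
        if ext not in BLOCKED_EXT:
            continue
        ctype = part.get_content_type()
        reason = "executable attachment"
        if ctype.startswith(PASSIVE_TYPES):
            # Name and declared type disagree: the mismatch the IE patch addresses.
            reason = "executable name under passive type " + ctype
        findings.append((name, reason))
    return findings

def should_block(raw: bytes) -> bool:
    return bool(scan_message(raw))

# Constructed sample: an executable file name declared as audio.
SAMPLE = (
    b"From: a@example.test\r\nTo: b@example.test\r\nSubject: sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/related; boundary="B1"\r\n\r\n'
    b"--B1\r\nContent-Type: text/html\r\n\r\n<html><body>hello</body></html>\r\n"
    b'--B1\r\nContent-Type: audio/x-wav; name="readme.exe"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\nAAAA\r\n--B1--\r\n"
)

if __name__ == "__main__":
    for name, reason in scan_message(SAMPLE):
        print("REJECT", name, "-", reason)
```

Matching on the file name rather than the declared Content-Type is the point: the type header is whatever the sender chose to write.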
