Re: NIMDA worm: JavaScript
This does work on its own... I simply loaded the readme.eml and it contained the embedded mime readme.exe (which I never ran or found on linux system) but it does propagate thru network shares and to any writeable directories for the current user. So any samba shares and network connections to win clients file and printer sharing allows it to write easily to windows unsecure file and printsharing.

As for the message on samba.org's site, it's under announcements and says URGENT in bold black letters.

I am finally clean of it after checking for 2 days, no more loose *.eml files and btw, clear your cache folder if you have been infected by viewing a site.

BTW Joel that was me and I had (note: had) java running on Konqueror, that was how I got infected. That was prolly the only reason that I was able to spread it to my winclients otherwise I likely would have been completely safe from it.

HTH

On Sunday 23 September 2001 10:19, you wrote:
> On Sun, 23 Sep 2001 10:48:43 -0400
> burns <[EMAIL PROTECTED]> wrote:
> > The worm will also propagate through network shares. It isn't going to
> > activate and infect a Linux client, but a linux client could 'share' it to
> > other Windows boxes on the same network if they are unlucky enough to pull
> > across that file.
>
> Does this thing work on its own, or is it necessary to run an attachment
> or open a message with an attachment?

--
Bill Day A.K.A. BadMan
RLU#188133 RLM#83358 http://counter.li.org
irc.openprojects.net #linux-users
Our crystal tears now fall upon the ashes, but from the dust shall grow a new spirit, to be in compassion for those who are lost, and one in determination to break those who dare test our resolve to be free...
<--->
7:30pm up 53 days, 9:45, 23 users, load average: 0.12, 0.18, 0.14
___
http://linux.nf -- [EMAIL PROTECTED]
Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users
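Added example, not part of the original thread and not code from any poster: a check for the "loose *.eml files" described in the message above, walking a share directory and reporting every .eml that embeds an attachment with an executable name, as readme.eml did with readme.exe. The function names, the extension list and the temporary directory standing in for a Samba share are assumptions made for this example.

```python
import email
import os
import tempfile
from email import policy
from email.message import EmailMessage

# Assumed list of extensions that Windows clients would execute (not from the thread).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat"}

def executable_parts(eml_path):
    """Return attachment names in one .eml file that carry an executable extension."""
    with open(eml_path, "rb") as fh:
        msg = email.message_from_binary_file(fh, policy=policy.default)
    # get_filename() reads Content-Disposition and falls back to Content-Type name=.
    names = [part.get_filename() for part in msg.walk() if part.get_filename()]
    return [n for n in names if os.path.splitext(n)[1].lower() in EXECUTABLE_EXTS]

def scan_share(root):
    """Walk a share root; map each .eml that embeds an executable to those names."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower().endswith(".eml"):
                path = os.path.join(dirpath, fname)
                hits = executable_parts(path)
                if hits:
                    findings[path] = hits
    return findings

def build_sample_share(root):
    """Write constructed test data: one .eml embedding readme.exe, one benign .eml."""
    bad = EmailMessage()
    bad.set_content("body text")
    bad.add_attachment(b"MZ constructed bytes, not a real binary",
                       maintype="application", subtype="octet-stream", filename="readme.exe")
    ok = EmailMessage()
    ok.set_content("plain text only")
    os.makedirs(os.path.join(root, "docs"))
    for rel, msg in (("docs/readme.eml", bad), ("notes.eml", ok)):
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(msg.as_bytes())

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as share:  # stand-in for a Samba share path
        build_sample_share(share)
        for path, names in scan_share(share).items():
            print(path, names)
```

Pointing scan_share() at the exported directory of a real share lists the files to review before any Windows client opens them; it reads files only and deletes nothing.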
Re: NIMDA worm: JavaScript
On Sun, 23 Sep 2001 10:48:43 -0400
burns <[EMAIL PROTECTED]> wrote:

> The worm will also propagate through network shares. It isn't going to
> activate and infect a Linux client, but a linux client could 'share' it to
> other Windows boxes on the same network if they are unlucky enough to pull
> across that file.

Does this thing work on its own, or is it necessary to run an attachment or open a message with an attachment?

--
Ken Moffat
[EMAIL PROTECTED]
Re: NIMDA worm: JavaScript
On September 22, 2001 11:31 pm, Tim Wunder wrote:
> Previously, Joel Hammer chose to write:
> > I thought from all I had read about JavaScript that it was designed to be
> > safe.
> > I recall on another list someone said he had downloaded a malicious html
> > doc and others on the list claimed that was impossible. This was a long
> > time ago, like 8 months.
> > Anyway, the following update is rather alarming:
> > http://www.cert.org/advisories/CA-2001-26.html
> > Even linux boxes are getting infected from their windows clients if they
> > run samba. There was a fix posted on the samba mailing list.
> > Joel
>
> Hi Joel,
> I didn't see anything in the advisory pertaining to Samba, was that
> something you just got from the samba list?
>

The worm will also propagate through network shares. It isn't going to activate and infect a Linux client, but a linux client could 'share' it to other Windows boxes on the same network if they are unlucky enough to pull across that file.

--
burns
Re: NIMDA worm: JavaScript
> Hi Joel,
> I didn't see anything in the advisory pertaining to Samba, was that something
> you just got from the samba list?
>

There is mention that the infected clients will attempt to spread the worm:
"from client to client via open network shares"
This includes samba. I don't think there is any danger to linux boxes, but windows clients can get infected from the linux server.

One guy (On the samba list?) says he visited a site and got hundreds of copies of the worm on his linux box. I tried that but only got one copy. Of course, I used opera, and I likely had javascript turned off, which is what CERT recommends.

Not counting one day when I turned off logging (the first day), I have had 880 hosts attack me and have had 20,000 separate hits on my port 80 from this worm. This is the worst yet, methinks.

Joel
Re: NIMDA worm: JavaScript
Previously, Joel Hammer chose to write:
> I thought from all I had read about JavaScript that it was designed to be
> safe.
> I recall on another list someone said he had downloaded a malicious html
> doc and others on the list claimed that was impossible. This was a long
> time ago, like 8 months.
> Anyway, the following update is rather alarming:
> http://www.cert.org/advisories/CA-2001-26.html
> Even linux boxes are getting infected from their windows clients if they
> run samba. There was a fix posted on the samba mailing list.
> Joel
>

Hi Joel,
I didn't see anything in the advisory pertaining to Samba, was that something you just got from the samba list?

Tim
NIMDA worm: JavaScript
I thought from all I had read about JavaScript that it was designed to be safe.

I recall on another list someone said he had downloaded a malicious html doc and others on the list claimed that was impossible. This was a long time ago, like 8 months.

Anyway, the following update is rather alarming:
http://www.cert.org/advisories/CA-2001-26.html

Even linux boxes are getting infected from their windows clients if they run samba. There was a fix posted on the samba mailing list.

Joel