Virus Update

2001-09-18 Thread Clark, Steve








Got this from Peter Kruse who pointed me to http://www.norman.no/ - thanks!



The worm W32/Nimda.A@mm is spreading very
fast. It may arrive as an email with the following characteristics:
Subject: None
Body: None
Attachment name: README.EXE
This worm may enter a computer in several ways - it will either be received as
an email with an attachment, over open shared drives in networks, and it seems
that it will also attempt to break into machines running the web server
software IIS (Internet Information Server), utilizing various security holes
well known. All IIS web server admins are encouraged to patch up their web
server to protect themselves. An accumulative patch for IIS servers is
available from: http://www.microsoft.com/technet/security/bulletin/MS01-044.asp
When the infected file is run, it will copy itself to the system directory as a
hidden file called LOAD.EXE. This file is called from the file SYSTEM.INI so
that it is run from startup.



It may not remove everything but it may
stop it long enough to see what damage was done.



Steve Clark

Clark Systems Support, LLC

AVIEN Charter Member

www.clarksupport.com

301-610-9584 voice

240-465-0323 Efax






http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
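
The indicators listed in the post above (no subject, no body, a README.EXE attachment, and a LOAD.EXE reference in SYSTEM.INI) can be checked mechanically. The following is an added example, not part of the original message or of any vendor tool; the function names, the sample mail and the sample [boot] shell= entry are constructed assumptions, since the post does not say which SYSTEM.INI entry is used.

```python
import re
from email import message_from_string

ATTACHMENT_NAME = "readme.exe"   # attachment name given in the advisory
DROPPED_FILE = "load.exe"        # file the advisory says SYSTEM.INI calls

def mail_matches_advisory(raw: str) -> bool:
    """True for a mail with no subject, no body text and a README.EXE attachment."""
    msg = message_from_string(raw)
    if (msg.get("Subject") or "").strip():
        return False
    attached = False
    for part in msg.walk():
        if part.is_multipart():
            continue
        if (part.get_filename() or "").lower() == ATTACHMENT_NAME:
            attached = True
        elif part.get_content_maintype() == "text" and part.get_payload().strip():
            return False  # visible body text, so not the empty mail described
    return attached

def system_ini_references(ini_text: str, needle: str = DROPPED_FILE):
    """Return (section, key, value) for each entry whose value names `needle`."""
    hits, section = [], None
    for line in ini_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        # Split on whitespace, path separators, commas and quotes so a bare or
        # fully qualified load.exe matches, but download.exe does not.
        if sep and needle in re.split(r'[\s\\/,"]+', value.lower()):
            hits.append((section, key.strip(), value.strip()))
    return hits

# Constructed samples (not captured traffic and not from a real host).
SAMPLE_MAIL = (
    "From: a@example.com\nTo: b@example.com\nMIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="B"\n\n'
    "--B\nContent-Type: text/plain\n\n\n"
    "--B\nContent-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="README.EXE"\n\n'
    "placeholder\n--B--\n"
)
SAMPLE_INI = "[boot]\nshell=Explorer.exe load.exe\n[386Enh]\ndevice=download.exe\n"

if __name__ == "__main__":
    print(mail_matches_advisory(SAMPLE_MAIL))
    print(system_ini_references(SAMPLE_INI))
```

A hit from either check is a reason to look closer, not proof of infection; the post itself only says the worm "may" arrive in this form.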







RE: Virus Update

2001-09-18 Thread John Cesta - Lists




I am getting this thing on my PC. When I click on the email a dialog appears
asking me if I wish to save this to disk or open it. It's a readme.exe file.

John Cesta

  -Original Message-
  From: Clark, Steve [mailto:[EMAIL PROTECTED]]
  Sent: Tuesday, September 18, 2001 2:16 PM
  To: NT System Admin Issues
  Subject: Virus Update

  Got this from Peter Kruse who pointed me to http://www.norman.no/ - thanks!

  The worm W32/Nimda.A@mm is spreading very fast. It may arrive as an email
  with the following characteristics:
  Subject: None
  Body: None
  Attachment name: README.EXE
  This worm may enter a computer in several ways - it will either be received
  as an email with an attachment, over open shared drives in networks, and it
  seems that it will also attempt to break into machines running the web server
  software IIS (Internet Information Server), utilizing various security holes
  well known. All IIS web server admins are encouraged to patch up their web
  server to protect themselves. An accumulative patch for IIS servers is
  available from: http://www.microsoft.com/technet/security/bulletin/MS01-044.asp
  When the infected file is run, it will copy itself to the system directory as
  a hidden file called LOAD.EXE. This file is called from the file SYSTEM.INI so
  that it is run from startup.

  It may not remove everything but it may stop it long enough to see what
  damage was done.

  Steve Clark
  Clark Systems Support, LLC
  AVIEN Charter Member
  www.clarksupport.com
  301-610-9584 voice
  240-465-0323 Efax
  http://www.sunbelt-software.com/ntsysadmin_list_charter.htm