[thelist] W32/Nimda DATs available from McAfee

Ron Thigpen rthigpen at nc.rr.com
Tue Sep 18 16:48:58 CDT 2001

W32/Nimda DATs available from McAfee <www.mcafee.com>.  If you are 
running their AV software you'll want to get this right away.

Looks like this one spreads using multiple methods. It will email itself 
(similar to Melissa and I Love You).  Compromised IIS webservers will 
spread it through port scanning (similar to Code Red), as well as 
through embedded javascript code that opens a new window and  loads a 
file named "readme.eml".  This file is contains multipart MIME  that is 
capable of running, *without user intervention*, on vulnerable Windows 
systems.  This is also exploited in email clients that will load code 
into IE.

If you run Outlook, and haven't yet disabled scripts, now would be a 
good time.

If you've got IE you might want to patch it:




More information about the thelist mailing list