[thelist] W32/Nimda DATs available from McAfee
Ron Thigpen
rthigpen at nc.rr.com
Tue Sep 18 16:48:58 CDT 2001

W32/Nimda DATs available from McAfee <www.mcafee.com>. If you are
running their AV software you'll want to get this right away.

Looks like this one spreads using multiple methods. It will email itself
(similar to Melissa and I Love You). Compromised IIS webservers will
spread it through port scanning (similar to Code Red), as well as
through embedded javascript code that opens a new window and loads a
file named "readme.eml". This file contains multipart MIME that is
capable of running, *without user intervention*, on vulnerable Windows
systems. This is also exploited in email clients that will load code
into IE.

If you run Outlook, and haven't yet disabled scripts, now would be a
good time.

If you've got IE you might want to patch it:
http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/security/bulletin/ms01-020.asp

Cheers,
--rt
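
Added example (not part of the original post and not vendor code): a defender-side check for the two artifacts the message describes, script that opens a window on an .eml file and a MIME part set up to run without user intervention. The mismatch heuristic (an executable filename declared as passive media), the extension list, the function names and both samples are assumptions constructed here.

```python
import email
import re
from email import policy

# Assumed, non-exhaustive list of extensions Windows runs directly.
EXEC_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs")
# Declared media types a client would play or render rather than run.
PASSIVE_TYPES = ("audio", "image", "video", "text")
# Script that opens a window on an .eml file, as the post describes.
EML_POPUP = re.compile(r"window\.open\s*\(\s*[\"']([^\"']+\.eml)[\"']", re.I)

# Constructed samples (not captured traffic); the base64 body is inert text.
SAMPLE_HTML = '<script>window.open("readme.eml", null, "resizable=no")</script>'
SAMPLE_EML = b"\r\n".join([
    b"Subject: constructed sample",
    b"MIME-Version: 1.0",
    b'Content-Type: multipart/mixed; boundary="b1"',
    b"",
    b"--b1",
    b"Content-Type: text/html",
    b"",
    b"<html>hello</html>",
    b"--b1",
    b'Content-Type: audio/x-wav; name="sample.exe"',
    b"Content-Transfer-Encoding: base64",
    b"",
    b"bm90IGEgcmVhbCBwYXlsb2Fk",
    b"--b1--",
])


def find_eml_popups(html):
    """Return the .eml targets that script in `html` opens in a new window."""
    return EML_POPUP.findall(html)


def mismatched_parts(raw_message):
    """Return (declared_type, filename) for executable names typed as media."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(EXEC_EXT) and part.get_content_maintype() in PASSIVE_TYPES:
            hits.append((part.get_content_type(), name))
    return hits


if __name__ == "__main__":
    print(find_eml_popups(SAMPLE_HTML), mismatched_parts(SAMPLE_EML))
```

Run find_eml_popups over pages served from a web root and mismatched_parts over quarantined or gateway-held messages; a hit is a reason to inspect the file, not proof of infection.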