Posted on 09/18/2001 12:24:04 PM PDT by prognostigaator
"Friends,
In his just-concluded news conference, U.S. Atty. General John Ashcroft mentioned the "Nimda" virus ("Admin" spelled backwards). As noted by Symantec Corp. on its Web site:
http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html
"W32.Nimda.A@mm is a new mass-mailing worm that utilizes email to propagate itself. The threat arrives as a file named readme.exe in an email.
"In addition, the worm sends out probes to Microsoft IIS servers attempting to spread itself by using the Unicode Web Traversal exploit similar to W32.BlueCode.Worm. Compromised servers may display a webpage prompting a visitor to download an Outlook file which contains the worm as an attachment.
"Also, the worm will create an open network share allowing access to the system. The worm will also attempt to spread via open network shares."
You need to make sure your computer is protected against such viruses. Visit www.symantec.com, www.mcafee.com or www.commandcentral.com (among other anti-virus sites) and make sure YOUR anti-virus software is updated.
Regards, Mark Kellner"
Rosie: this is what I was talking about.
But most e-mails containing the W32/Nimda.A-mm worm do not have a visible attachment. When the subject of the email is clicked so that the recipient can read the e-mail, the worm is immediately activated and attempts to run a programming script.
They recommend turning off scripting (in either IE or Outlook).
There is a bug in MSIE 5 that automatically executes ".eml" files -- and there is a way of creating those files to automatically execute an attachment. Protect yourself by disabling Active Scripting (Tools->Internet Options->Security->Custom Settings).
I deleted the email right away and only got a glance at it, but as I recall it had red and blue background.
I have logged 141 alarms (Hack Tracer) since 10:10:21 this am. Getting about 2-4 a minute now.
By Duncan Martell
SAN FRANCISCO (Reuters) - A damaging new computer worm was spreading like wildfire across the Internet on Tuesday, hitting both home PC users and commercial servers, in an outbreak that could prove more widespread and costly than the Code Red viruses, computer security experts said.
Known as "Nimda," which spells admin backwards, the worm spreads by sending infected e-mails and also appears able to infect Web sites, so when a user visits a compromised Web site, the browser -- if it has not been patched -- can spread the worm to a PC, analysts said.
So far, it appears that Nimda arrives in e-mail without a subject line and containing an attachment titled "readme.exe," experts said.
Internet security experts have warned of the potential for an increase in virus activity after last week's attacks on the World Trade Center and Pentagon, but U.S. Attorney General John Ashcroft said there was no sign the outbreak was linked to those events.
"There is no evidence at this time which links this infection to the terrorist attacks of last week," Ashcroft told a news briefing.
The worm may have started as early as Monday and was showing signs of overloading traffic on the Internet, Ashcroft said, saying that Nimda proved "heavier" than the Code Red worm that caused an estimated $2.6 billion in clean-up costs on Internet-linked computers after outbreaks in July and August.
"Compared to Code Red, it may well be bigger simply because it can affect home users as well," said Graham Cluley, senior technical consultant for Sophos Antivirus.
If Microsoft Corp.'s (Nasdaq:MSFT) Outlook e-mail program has not been patched with an update that became available in March, the recipient does not even need to open the attachment to activate the virus -- opening the e-mail itself is sufficient -- said Vincent Weafer, senior director of Symantec Corp.'s (Nasdaq:SYMC) Symantec Security Response unit.
Other e-mail programs, such as Eudora or International Business Machine Corp.'s Lotus Notes, require the recipient to open the attachment for the virus to replicate, he said.
So far, the malicious program does not appear capable of erasing files or data, but Nimda has shown itself capable of slowing down computer operations as it replicates, experts said.
"In terms of data destruction, we haven't seen anything," Weafer said.
Experts said Nimda had appeared in the United States, Europe and Latin America and was likely to spread to other regions as well.
"It seems to be very widespread and (moves) at an incredibly quick rate," Cluley said. "The reason it's become so widespread is because it not only travels via e-mail but it contaminates Web sites as well."
The worm exploits an already detected vulnerability in Microsoft's Internet Information Server Web software running on Windows NT or 2000 machines, the same breach that the Code Red viruses exploited, experts said.
Once Nimda infects a machine, it tries to replicate in three ways. It has its own e-mail engine and will try to send itself out using addresses stored in e-mail programs. It also scans IIS servers looking for the known vulnerability and attacks those servers. Finally, it looks for shared disk drives and tries to replicate itself to those devices, Symantec's Weafer said.
Experts urged companies and users to update antivirus software and to download the software patches, noting the principal reason the worm had spread so quickly was that people and companies had not downloaded the free software patches.
Patches are available for both the IIS vulnerability and Web browsers at http://www.microsoft.com/security.
If anyone hasn't downloaded the patch, they had better do so right away.
Just get a Mac....
Same here. Log is at 253 now.
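For anyone tallying hits the way the posters above are: the IIS probing that the Symantec note calls "Unicode Web Traversal" relies on path separators hidden in overlong UTF-8, which a web log still shows in percent-encoded form. The following Python is an added example, not from any poster, Symantec or Reuters; it counts such requests per client and goes slightly beyond the thread by also flagging double-encoded traversal. The Common Log Format layout, the paths, the addresses and all function names are assumptions made for illustration.

```python
import re
from collections import Counter

PCT = re.compile(rb"%([0-9A-Fa-f]{2})")
# Assumed log layout: Common Log Format (client address first, request in quotes).
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (\S+)')

def pct_decode(raw: bytes) -> bytes:
    """One pass of percent-decoding, as a web server does on the request path."""
    return PCT.sub(lambda m: bytes([int(m.group(1), 16)]), raw)

def overlong_chars(data: bytes) -> str:
    """Characters hidden behind lead bytes 0xC0/0xC1, which valid UTF-8 never uses.
    The trail byte is masked without validation, as a lax decoder would do."""
    return "".join(
        chr(((data[i] & 0x1F) << 6) | (data[i + 1] & 0x3F))
        for i in range(len(data) - 1) if data[i] in (0xC0, 0xC1))

def has_traversal(path: bytes) -> bool:
    return b"../" in path or b"..\\" in path

def classify(uri: str):
    """Return a label for a suspicious request URI, or None if it looks clean."""
    once = pct_decode(uri.encode("utf-8"))
    if any(c in "/\\." for c in overlong_chars(once)):
        return "overlong-utf8"
    if has_traversal(once):
        return "plain-traversal"
    if has_traversal(pct_decode(once)):
        return "double-encoded"
    return None

def scan(lines):
    """Count flagged requests per (client address, label)."""
    hits = Counter()
    for line in lines:
        m = LINE.match(line)
        if m and (label := classify(m.group(2))):
            hits[(m.group(1), label)] += 1
    return hits

# Constructed sample lines (documentation addresses, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Sep/2001:10:10:21 -0700] "GET /docs/..%c0%af../private/notes.txt HTTP/1.0" 404 -',
    '192.0.2.10 - - [18/Sep/2001:10:10:22 -0700] "GET /docs/..%255c..%255cprivate/notes.txt HTTP/1.0" 404 -',
    '198.51.100.7 - - [18/Sep/2001:10:10:23 -0700] "GET /caf%C3%A9/menu.html HTTP/1.0" 200 512',
    '198.51.100.7 - - [18/Sep/2001:10:10:24 -0700] "GET /docs/../index.html HTTP/1.0" 200 1024',
]
print(sorted(scan(SAMPLE_LOG).items()))
```

The valid two-byte sequence `%C3%A9` in the third sample line is not flagged, because only lead bytes 0xC0 and 0xC1 mark an overlong form.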