Nimda Worm Update and Information

One important thing to do immediately, if you haven’t already, is to disable Active Scripting in both Internet Explorer and Outlook. Wired’s new article, Scary Hybrid Internet Worm Loose, explains how to do that.

Wired’s article also describes the worm:

Most e-mails containing the W32/Nimda.A-mm worm do not have a visible attachment. The worm immediately activates and attempts to run a programming script as soon as the user clicks and opens the e-mail.

Infected Web servers will also attempt to spread the virus to anyone who visits websites that are housed on that server by pushing a JavaScript "readme.exe" or "readme.eml" file to computers that visit the infected sites. The virus activates automatically upon transmission.

On infected computers, the virus reportedly creates a new "Guest Account" with no password, which allows any attacker to log on to infected computers and have full access to the contents of the computer or network.

Even those who have strong security settings in place may be affected, because the worm reportedly overwrites existing security settings to allow remote login and full access.

Besides altering system settings, once the virus is active, it attempts to infect all compressed files, such as ZIP archives on a computer’s hard drive, as the IRC worm called "readme.exe" does.

It then e-mails copies of itself to selected addresses in the infected computer’s Outlook e-mail address book and Web cache folders, and begins scanning the Internet for Web servers to infect.
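A server administrator can check a web document root for the two indicators the quoted description names: files called "readme.eml" or "readme.exe", and pages carrying a script that references them. The following is an added example, not code from this post or from Wired. The script-block pattern, the page extensions, and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# File names the article says infected servers push to visitors.
DROPPED_NAMES = {"readme.eml", "readme.exe"}
PAGE_EXTENSIONS = (".htm", ".html", ".asp")  # assumed set of page types to inspect
# Assumed indicator: a <script> block whose body references one of those names.
SCRIPT_REF = re.compile(
    rb"<script\b[^>]*>(?:(?!</script>).)*?readme\.(?:eml|exe)",
    re.IGNORECASE | re.DOTALL,
)

def scan_webroot(root):
    """Return sorted (relative_path, reason) findings under a document root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if name.lower() in DROPPED_NAMES:
                findings.append((rel, "dropped-file"))
            elif name.lower().endswith(PAGE_EXTENSIONS):
                with open(full, "rb") as fh:
                    if SCRIPT_REF.search(fh.read()):
                        findings.append((rel, "script-reference"))
    return sorted(findings)

def demo():
    """Scan a constructed sample tree (placeholder content only) and return findings."""
    sample = {
        "index.html": b"<html><body>Welcome</body></html>",
        # Text mention outside any script block: must not be flagged.
        "about.html": b"<script>var a = 1;</script><p>readme.eml advisory</p>",
        # Constructed stand-in for a page modified to reference the file.
        "docs/default.htm": b'<html></html>\n<SCRIPT>window.open("readme.eml")</SCRIPT>',
        "docs/readme.eml": b"constructed placeholder",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in sample.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
        return scan_webroot(root)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:17} {rel}")
```

A clean result from this scan does not show a server is uninfected; it only covers the file names mentioned above.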

The Latest News about Nimda

  • Scary Hybrid Internet Worm Loose
    Combines the worst features of Code Red and Sircam, spreading significantly faster than any worm or virus before it.
    [09/20/01 12:30 p.m. PDT, By Michelle Delio, Wired News]
  • PE_NIMDA.A, aka W32/Nimda.A@mm
    Information and fixes for PCs, links to patches for IIS servers, and updates for Trend's own software.
    [Trend, PC-cillin]

Patches and Updates for PCs and IIS servers

More at Brainstorms and Raves

01:07 pm PDT, 20 September 2001

Categories: Software
