Nimda Worm Update and Information
One important thing to do immediately, if you haven’t already, is to disable Active Scripting in both Internet Explorer and Outlook. Wired’s new article, Scary Hybrid Internet Worm Loose, explains how to do that.
Wired’s article also describes the worm:
Most e-mails containing the W32/Nimda.A-mm worm do not have a visible attachment. The worm immediately activates and attempts to run a programming script as soon as the user clicks and opens the e-mail.
On infected computers, the virus reportedly creates a new "Guest Account" with no password, which allows any attacker to log on to infected computers and have full access to the contents of the computer or network.
Even those who have strong security settings in place may be affected, because the worm reportedly overwrites existing security settings to allow remote login and full access.
Besides altering system settings, once the virus is active, it attempts to infect all compressed files, such as ZIP archives on a computer’s hard drive, as the IRC worm called "readme.exe" does.
It then e-mails copies of itself to selected addresses in the infected computer’s Outlook e-mail address book and Web cache folders, and begins scanning the Internet for Web servers to infect.
The Latest News about Nimda
- Scary Hybrid Internet Worm Loose
Combines the worst features of Code Red and Sircam, spreading significantly faster than any worm or virus before it.
[09/20/01 12:30 p.m. PDT, By Michelle Delio, Wired News]
- PE_NIMDA.A, aka W32/Nimda.A@mm
Information and fixes for PCs and links to patches for IIS servers. Also updates for their software.
Patches and Updates for PCs and IIS servers
- CERT Advisory CA-2001-26 Nimda Worm
Description of the worm and what it does, how to recover your PC or IIS server, and links to patches.
[09/20/01 revised, CERT]
- Internet Explorer 5.5 Service Pack 2 and Internet Tools
PC update of Internet Explorer that includes patch for Nimda
- Windows 2000 Service Pack 2
For Windows 2000 Professional, Windows 2000 Server, Windows 2000 Advanced Server, or Windows 2000 with Server Appliance Kit
More at Brainstorms and Raves