[cog] Re: [End-Times] *** Virus Alert***

Message: < previous - next > : Reply : Subscribe : Cleanse
Home   : September 2001 : Group Archive : Group : All Groups

From: "Jan Ross" <rross@...>
Date: Tue, 18 Sep 2001 20:53:14 -0400
To verify what Dale sent in regarding the new virus, Glen Stewart, owner of
"associate.com" just sent the following notice . . .


There's yet another Windows Web Server virus rampant on the web today.
It's spreading like wildfire and slowing down parts of the Internet from
what
I can tell.

Here's details:

A mass mailing email worm that contains exploit components from the infamous
Code Red worm has appeared on the Internet, and appears to be spreading
fast.

Nimda, which spreads though an infected email attachment, appears at the
user's In-box with a random subject line and no body text. It comes with
attachments called readme.exe and an HTML file. Users are advised to open
neither and delete suspicious emails.

The malicious code contains an exploit string similar to that in the Code
Red
worm which is causing software tools that detect Code Red to "light up like
Christmas trees", we hear.

MessageLabs, a managed services firm which scans its customers email for
viruses, has intercepted 164 copies of the virus so far, after it first
appeared this afternoon, possibly originating from Korea.

Graham Cluley, senior technology consultant at Sophos, said early analysis
suggested the virus tries to add malicious JavaScript to Web pages on IIS
servers that are vulnerable to the Code Red worm. But how the virus works
remains unclear.

AV software vendors are busily updating their software to detect the worm. ®

Update
An increase in port 80 scanning relating to the Nimda worm - which attempts
to hit IIS boxes with many different exploits - has been reported by CERT.
Its scanning activities might result in some overall slowdown of the
Internet.

Central Command has published a more detailed description of the worm which
states that although the body of an email appears blank, it contains code
that will execute if a user views a message in either Outlook or Outlook
Express.

To spread, Nimda uses MAPI (Mailing API) functions in order to extract email
addresses, according to Central Command.

Another method to spread is by using a Unicode Web Traversal exploit similar
to Code Blue targets which, as previously reported, tries to reprogramme
systems previously infected by the Code Red worm.

FreeGroups.net: Group Email without advertisements.  Is your group here?