We have Norton on 100% of our desktops with new signatures pushed daily.
Trouble is, this thing hit MANY hours before Symantec had signatures to
catch it.

I took Nimda's readme.eml file and replaced the MIME-encoded readme.exe with
a benign program of my own and tested IE 5.5 SP2. It does work. With IE 5.5
SP2, you will be prompted to save or run the attached readme.exe, but if you
click run, you still get infected.

IE 6 (so I've heard) honors the MIME header and ignores the .EXE extension,
which causes IE 6 to fire up media player instead of just running the exe.

-----Original Message-----
From: John Allhiser [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 11:12 AM
To: Exchange Discussions
Subject: RE: Nimba virus



For the sake of discussion:
I came across an infected site at home last night.
I use IE6 on 2K Pro SP2 at home. (it's also the standard at work)
The site loaded as the default IIS4 installation page.
Two other windows then popped up.  One was only visible in the task bar, the
other was the windows media player download page.  NAV also came up
informing me what happened and that it had quarantined a file containing
the Nimda virus.

It seems that a good desktop AV along with an updated browser will stop it.

I don't have a sandbox set up currently.  Has anyone actually tested the
"approved browsers" with an infected site and no virus protection?

Just curious,

John Allhiser MCSE CCNA
Network Engineer 
Business Men's Assurance
 

-----Original Message-----
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 10:56 AM
To: Exchange Discussions
Subject: RE: Nimba virus


That is why we rolled out IE6 in about an hour on virus day.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Ken Cornetet
Sent: Friday, September 21, 2001 8:49 AM
To: Exchange Discussions
Subject: RE: Nimba virus


You are probably more at risk from infection by users browsing infected
web sites. Any IE other than 5.01SP2, 5.5SP2, or 6 will download the
virus and execute it WITHOUT the user clicking on anything!

Don't ask me how I know...

-----Original Message-----
From: Sethi, Ali [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 21, 2001 10:39 AM
To: Exchange Discussions
Subject: Nimba virus



Hello,
We are currently running Exchange 5.5 SP4. I have updated the NAV for
Exchange virus definitions to the latest ones out on the Symantec site.
Are there any other precautions/security patches that you recommend be
added to prevent this virus from entering our Email environment?

Thanks,

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]
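
Added example, not part of the original thread: a gateway-side check for the mismatch discussed above, where a part's MIME header declares a media type while its name ends in .EXE. The sample message, the extension list and the function name are constructed for illustration.

```python
import email
import os
from email import policy

# Assumption: extensions and declared types chosen for this illustration.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}
HONEST_EXEC_TYPES = {"application/octet-stream", "application/x-msdownload"}

# Constructed sample message; the payloads are harmless placeholder text.
SAMPLE_EML = "\n".join([
    "From: sender@example.invalid",
    "Subject: constructed sample",
    "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="b1"',
    "",
    "--b1",
    "Content-Type: text/plain",
    "",
    "hello",
    "--b1",
    'Content-Type: audio/x-wav; name="readme.exe"',
    "Content-Transfer-Encoding: base64",
    "",
    "YmVuaWduIHBsYWNlaG9sZGVy",
    "--b1",
    'Content-Type: application/octet-stream; name="tool.exe"',
    "Content-Transfer-Encoding: base64",
    "",
    "YmVuaWdu",
    "--b1--",
    "",
])

def mismatched_parts(raw_message):
    """Return (name, declared_type) for parts whose name is executable
    but whose Content-Type claims to be something else."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_filename() falls back to the Content-Type "name" parameter.
        name = (part.get_filename() or "").strip().rstrip(". ")
        ext = os.path.splitext(name.lower())[1]
        ctype = part.get_content_type()
        if ext in EXECUTABLE_EXTS and ctype not in HONEST_EXEC_TYPES:
            findings.append((name, ctype))
    return findings

if __name__ == "__main__":
    for name, ctype in mismatched_parts(SAMPLE_EML):
        print(f"quarantine: {name!r} declared as {ctype}")
```

The honestly labelled tool.exe part is not reported here; blocking executable attachments outright is a separate policy decision from flagging a header/extension mismatch.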
