Hi all This is a warning of what is actually more a malicious email program than a virus or worm, but can still hurt the unwary. It is an email purporting to be a fix for the "nimda" worm/virus, but is in fact a harmful program. If you haven't heard of it yet, then you've heard now - be careful out there.
Cheers ____________________________________________________ Yanai Peles Regional IT Support Manager, CSIRO Mathematical & Information Sciences Building E6B, Macquarie University, North Ryde, NSW 2113, Australia Ph: +61 293253176, fax +612 93253200, Mobile: +61416253176 E-mail: [EMAIL PROTECTED] http://WWW.CMIS.CSIRO.AU/Yanai.Peles/ _________________________________________________________ > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Monday, 1 October 2001 4:36 PM > To: [EMAIL PROTECTED] > Subject: AusCERT Update - Possible Trojan Horse FIX_NIMDA.exe > > > -----BEGIN PGP SIGNED MESSAGE----- > > Date: Mon, Oct 1 2001 > > Dear AusCERT member, > > AusCERT has received information about a potentially > dangerous email that may be attempting to initiate unwanted > action on computer systems by taking advantage of current > awareness of the Nimda worm. > > Elias Levy of SecurityFocus (http://www.securityfocus.com/) > has reported the existence of an email message that > spuriously claims to originate from SecurityFocus' ARIS > system and TrendMicro, containing "Anti Nimda Software". This > message has what appears to be a trojan horse executable > program called FIX_NIMDA.exe attached. Due to its similarity > to the free Nimda removal tool (FIX_NIMDA.com) published by > TrendMicro, recipients of the message may be tempted to > follow the instructions in this email and run the attachment. > AusCERT recommends that you do NOT run the attachment. > > More information is available in the original message from > SecurityFocus, available from: > > http://www.securityfocus.com/cgi-bin/archive.pl?id=75&mid=2174 > 56&start=2001-09-28&end=2001-10-04 > > Information about the Nimda worm, as well as the genuine > Nimda removal tool, are available from TrendMicro at: > > http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName =PE_NIMDA.A As always, AusCERT urges system administrators to inform their users about proper precautions with regards to handling email attachments. AusCERT recommends that sites should update and check their virus defences and either delete or do not open any unsolicited email messages or attachments that resemble those described above. System administrators and users are additionally urged to ensure that the latest Anti-Virus software is installed and that it is using the most current up-to-date virus databases. The AusCERT team will be monitoring any new developments on this issue and will release updates as they become necessary. Regards, The AusCERT Team =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: [EMAIL PROTECTED] Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AUSCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for emergencies. Facsimile: (07) 3365 7031 =========================================================================== -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key iQCVAwUBO7ia9yh9+71yA2DNAQEr6gQAlaSbWpZ81rBJOPtVrVCXsSwskanJLg9o wC1ihHT+uT/+uf9Bd/QjeiC94zzvAqE9/+EGERgrGuUN2HtynqNIWFDIv3S8tJhL aEowyA0XYCz6Ce/sJgBN/+prqNpCNhm86BG46q3fKYyLxRHSJokwU56YVUc4fs7b hxLmcMsnJKc= =0SOo -----END PGP SIGNATURE----- _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
