RE: nimda d??

Martin Blackstone Mon, 29 Oct 2001 11:18:58 -0800

We are all blocking .EXE files like we are supposed too....right?

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Greatlakes,
Reebdnes
Sent: Monday, October 29, 2001 10:34 AM
To: Exchange Discussions
Subject: nimda d??



Symantec Security Response - W32.Nimda.D@mmSymantec Security Response
      http://securityresponse.symantec.com
 
W32.Nimda.D@mm
      Discovered on: October 29, 2001
      Last Updated on: October 29, 2001 at 07:00:35 AM PST

W32.Nimda.D@mm is an new version of W32.Nimda.A@mm that contains
bug-fixes and 
modifications to avoid previous anti-virus detection. 
This worm is similar in functionality to W32.Nimda.A@mm. Differences
include the 
modification of filenames used by the worm.

  The attachment received has been changed to sample.exe
  The dropped DLL file is now httpodbc.dll
  The worm now copies itself to the Windows System directory as
csrss.exe 
  instead of mmc.exe

Infected HTML files are already detected as W32.Nimda.A@mm (html)

Type: Virus, Worm 
Virus Definitions: October 29, 2001 
Threat Assessment: 

      Wild: 
      Low Damage: 
      Medium Distribution: 
      High 
 
Wild: 
  Number of infections: 0 - 49 
  Number of sites: 0 - 2 
  Geographical distribution: Low 
  Threat containment: Easy 
  Removal: Moderate 
Damage: 
  Payload: 
    Large scale e-mailing: Emails itself out as sample.exe 
    Degrades performance: May cause system slowdown 
    Compromises security settings: Creates open network shares 
Distribution: 
  Name of attachment: sample.exe (this file may not be visible) 
  Shared drives: Infects open network shares 
  Target of infection: Specifically attempts to infect unpatched IIS
servers

 

Write-up by: Eric Chien 



_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]


_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]

RE: nimda d??

Reply via email to