Our first notice of this virus came in this afternoon but was stopped by
declude. I have only seen the one but have seen others getting hit in
newsgroups.
-----
Declude Virus caught a virus with the subject "Fwd: Re: [afp_nugget_list]
oops, i was trying to send this to the fa"
from [EMAIL PROTECTED] to: [EMAIL PROTECTED]
The Virus name is : W95/Nimda.A@mm.
The filename is readme.exe.
The spool file name is Dd323278.SMD.
-----
The names were changed to protect the innocent :)
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of John Tolmachoff
Sent: Tuesday, September 18, 2001 5:16 PM
To: [EMAIL PROTECTED]
Subject: RE: [IMail Forum] New widespread virus: W32/Nimda-A; arrives
wit h readme.exe attachment
This is of concern primarly to IIS 4 & 5. Windows 2000 SP2 covers the
patch.
John Tolmachoff, Network Engineer
211 E. Imperial Hwy., Suite 106
Fullerton, CA� 92835
714-578-7999, ext. 104
[EMAIL PROTECTED]
www.reliancesoft.com
�
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Bryson, Laura
Sent: Tuesday, September 18, 2001 1:42 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [IMail Forum] New widespread virus: W32/Nimda-A; arrives
wit h readme.exe attachment
>From Symantec's web site
(http:[EMAIL PROTECTED])
"W32.Nimda.A@mm is a new mass-mailing worm that utilizes multiple
methods to spread itself. The worm sends itself out by email, searches
for open network shares, and attempts to copy itself to unpatched
Microsoft IIS web servers. The worm does this using the Unicode Web
Traversal exploit. A patch and information regarding this exploit can be
found at
http://www.microsoft.com/technet/security/bulletin/ms00-078.asp.
Users visiting compromised Web servers will be prompted to download an
.eml (Outlook Express) email file, which contains the worm as an
attachment.
Also, the worm will create an open network share on the infected
computer, allowing access to the system."
/ljb
-----Original Message-----
From: R. Scott Perry [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 12:39 PM
To: [EMAIL PROTECTED]
Subject: [IMail Forum] New widespread virus: W32/Nimda-A; arrives with
readme.exe attachment
FYI, Sophos has just alerted us to a new virus that is apparently
spreading
very quickly, called W32/Nimda-A.� Not much information is available
yet.� Apparently, it uses an attachment called "readme.exe".
��������������������������������������������������� -Scott
---
Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for
IMail.� http://www.declude.com
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
