From Symantec's web site (http:[EMAIL PROTECTED])
"W32.Nimda.A@mm is a new mass-mailing worm that utilizes multiple methods to spread itself. The worm sends itself out by email, searches for open network shares, and attempts to copy itself to unpatched Microsoft IIS web servers. The worm does this using the Unicode Web Traversal exploit. A patch and information regarding this exploit can be found at http://www.microsoft.com/technet/security/bulletin/ms00-078.asp.
Users visiting compromised Web servers will be prompted to download an .eml (Outlook Express) email file, which contains the worm as an attachment.
Also, the worm will create an open network share on the infected computer, allowing access to the system."
/ljb
-----Original Message-----
From: R. Scott Perry [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 12:39 PM
To: [EMAIL PROTECTED]
Subject: [IMail Forum] New widespread virus: W32/Nimda-A; arrives with
readme.exe attachment
FYI, Sophos has just alerted us to a new virus that is apparently spreading
very quickly, called W32/Nimda-A. Not much information is available
yet. Apparently, it uses an attachment called "readme.exe".
-Scott
---
Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for
IMail. http://www.declude.com
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
