RE: nimda d??

2001-10-29 Thread Martin Blackstone

We are all blocking .EXE files like we are supposed to, right?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Greatlakes,
Reebdnes
Sent: Monday, October 29, 2001 10:34 AM
To: Exchange Discussions
Subject: nimda d??


Symantec Security Response - W32.Nimda.D@mm
Symantec Security Response
  http://securityresponse.symantec.com
 
W32.Nimda.D@mm
  Discovered on: October 29, 2001
  Last Updated on: October 29, 2001 at 07:00:35 AM PST

W32.Nimda.D@mm is a new version of W32.Nimda.A@mm that contains bug-fixes
and modifications to avoid previous anti-virus detection.
This worm is similar in functionality to W32.Nimda.A@mm. Differences
include the modification of filenames used by the worm.

  The attachment received has been changed to sample.exe
  The dropped DLL file is now httpodbc.dll
  The worm now copies itself to the Windows System directory as csrss.exe
  instead of mmc.exe

Infected HTML files are already detected as W32.Nimda.A@mm (html)

Type: Virus, Worm 
Virus Definitions: October 29, 2001 
Threat Assessment:

  Wild: Low
  Damage: Medium
  Distribution: High

Wild:
  Number of infections: 0 - 49
  Number of sites: 0 - 2
  Geographical distribution: Low
  Threat containment: Easy
  Removal: Moderate
Damage:
  Payload:
  Large scale e-mailing: Emails itself out as sample.exe
  Degrades performance: May cause system slowdown
  Compromises security settings: Creates open network shares
Distribution:
  Name of attachment: sample.exe (this file may not be visible)
  Shared drives: Infects open network shares
  Target of infection: Specifically attempts to infect unpatched IIS servers

 

Write-up by: Eric Chien 





_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
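The attachment blocking asked about above, as an added example that is not part of the original thread: a gateway-side check that looks at every MIME part, including parts not marked as attachments, since the advisory notes that sample.exe "may not be visible". The extension list, function names and sample message are assumptions constructed for illustration, and the MZ header check goes beyond plain extension blocking.

```python
import email
import os
from email import policy
from email.utils import collapse_rfc2231_value

# Assumed sample list for illustration; not the blocking list mentioned in the thread.
BLOCKED_EXTENSIONS = {".exe", ".com", ".scr", ".pif", ".bat", ".vbs"}


def normalise(name):
    """Reduce a declared filename to the form Windows would act on."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]  # drop any path prefix
    return base.strip().rstrip(". ").lower()           # trailing dots/spaces are ignored


def blocked_extension(name):
    """Return the blocked extension of name (final extension only), or None."""
    ext = os.path.splitext(normalise(name))[1]
    return ext if ext in BLOCKED_EXTENSIONS else None


def part_names(part):
    """Every filename a mail client might show or save this part under."""
    names = []
    for param, header in (("filename", "content-disposition"),
                          ("name", "content-type")):
        value = part.get_param(param, header=header)
        if value is not None:
            name = normalise(collapse_rfc2231_value(value))
            if name and name not in names:
                names.append(name)
    return names


def scan_message(raw):
    """Return [(name, [reasons])] for every leaf MIME part that should be blocked."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        names = part_names(part)
        reasons = []
        for name in names:
            ext = blocked_extension(name)
            if ext and "blocked extension " + ext not in reasons:
                reasons.append("blocked extension " + ext)
        # The declared Content-Type is sender-controlled, so look at the bytes too.
        payload = part.get_payload(decode=True) or b""
        if payload[:2] == b"MZ":
            reasons.append("MZ executable header")
        if reasons:
            findings.append((names[0] if names else "<unnamed>", reasons))
    return findings


# Constructed test message (not captured traffic). The payloads are two-byte
# or text placeholders, not real executables.
SAMPLE = (
    b"From: a@example.test\r\n"
    b"To: b@example.test\r\n"
    b"Subject: constructed test message\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/related; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html><body>hello</body></html>\r\n"
    b"--b1\r\n"
    # No Content-Disposition and a mismatched declared type: still a named part.
    b'Content-Type: audio/x-wav; name="sample.exe"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"TVo=\r\n"
    b"--b1\r\n"
    b'Content-Type: application/pdf; name="report.pdf"\r\n'
    b'Content-Disposition: attachment; filename="report.pdf"\r\n'
    b"\r\n"
    b"placeholder\r\n"
    b"--b1\r\n"
    # Double extension, mixed case and a trailing dot.
    b"Content-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="Invoice.PDF.ExE."\r\n'
    b"\r\n"
    b"placeholder\r\n"
    b"--b1\r\n"
    # Harmless-looking name, executable magic bytes.
    b'Content-Type: text/plain; name="notes.txt"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"TVo=\r\n"
    b"--b1--\r\n"
)

if __name__ == "__main__":
    for name, reasons in scan_message(SAMPLE):
        print(name, "->", ", ".join(reasons))
```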



RE: nimda d??

2001-10-29 Thread Bill Lambert

Uh huh, yep.  And many others from the list you provided.  Thanks again for
that.

Bill Lambert, Mcp, Mcse
Endoxy Healthcare
847-941-9206
[EMAIL PROTECTED]
 




RE: nimda d??

2001-10-29 Thread Martin Blackstone

Yea. I want that in the FAQ.
Next to the Ed Crowley Server Move, I want the Martin Blackstone
Extension Blocking List.




RE: nimda d??

2001-10-29 Thread Andy David

I think one of the requirements for getting your name in the FAQ is that you
actually *have* an Exchange Server...







RE: nimda d??

2001-10-29 Thread Don Ely

lmao




RE: nimda d??

2001-10-29 Thread Martin Blackstone

*sobbing*
That was uncalled for!




RE: nimda d??

2001-10-29 Thread Martin Blackstone

Yes I am!
I keep my sKiLLs sharpened here.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Barry Patterson
Sent: Monday, October 29, 2001 12:48 PM
To: Exchange Discussions
Subject: RE: nimda d??


LOL
I think he's working on it - right Martin?





RE: nimda d??

2001-10-29 Thread Dillon, Jeff

Once it's up, Martin will have:
1--even more time to waste here, having attained Email Valhalla
b--reason to believe that extension blocking is the least of the issues
4--both 1 and 3

Place your bets now




RE: nimda d??

2001-10-29 Thread Tom Meunier

FAQ 5.1

 -Original Message-
 From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
 Posted At: Monday, October 29, 2001 02:27 PM
 Posted To: MSExchange Mailing List
 Conversation: nimda d??
 Subject: RE: nimda d??
 
 
 Yea. I want that in the FAQ.
 Next to the Ed Crowley Server Move, I want the Martin Blackstone
 Extension Blocking List.

[snip]




RE: nimda d??

2001-10-29 Thread Martin Blackstone

Did I ever tell you about the beautiful Exch server I used to have
