----------< Forwarded Message Follows >---------- Date: Tue, 18 Sep 2001 17:36:48 -0400 From: ISC Provider Desk <[EMAIL PROTECTED]> Subject: **Virus Alert -- W32.Nimda** Hi folks -- Symantec will be posting definitions later this evening to detect the W32.Nimda worm. Details of the exact behavior of the virus are still sketchy -- what is known is that it can infect a machine in one of three ways: -- via an email with no return header info, a random subject line, and an attachment named "Readme.exe" -- via Windows network shares -- via a known exploit in Internet Information Services, ala Code Red (and Code Blue) A more detailed alert will be posted later this evening when more accurate information from the various AV vendors is available. In the meantime, please see: http:[EMAIL PROTECTED] http://www.sophos.com/virusinfo/analyses/w32nimdaa.html http://www.europe.f-secure.com/v-descs/nimda.shtml http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NIMDA.A http://vil.nai.com/villib/dispvirus.asp?virus_k=99209 Please be sure to update your virus definitions this evening or as soon as possible, and also to install all the latest patches for IIS and Windows NT/2000. Thanks, -- Bob --- Bob Barron Senior IT Support Specialist ISC Provider Desk [EMAIL PROTECTED] -------------< End Forwarded Message >----------- -- www.tru64unix.compaq.com www.tru64.org comp.unix.tru64 T.T.F.N. William H. Magill Senior Systems Administrator Information Services and Computing (ISC) University of Pennsylvania Internet: [EMAIL PROTECTED] [EMAIL PROTECTED] http://www.isc-net.upenn.edu/~magill/ ---- You are receiving this because you are subscribed to the list named "UnivCity." To unsubscribe, see <http://list.purple.com>
