THE WHATIS.COM WORD-OF-THE-DAY September 20, 2001 Nimda ______________ TODAY'S SPONSOR: **STORAGE DECISIONS** Storage Decisions brings together top storage analysts like Gartner's VP Nick Allen and Steve Duplessie of ESG and expert technologists like best-selling author Jon William Toigo. This exclusive conference is FREE to members who qualify. Apply today. http://ad.doubleclick.net/clk;3177364;5058249;p?http://www.StorageDecisions2001.com _____________ TODAY'S WORD: Nimda See our definition with hyperlinks at http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci770982,00.html Nimda (said to be derived from "admin" spelled backwards) is a computer virus that first appeared on September 18, 2001. Nimda caused traffic slowdowns across the Internet as it attacked computers and created a ripple effect by invading computers containing Microsoft's Web server, Internet Information Server (IIS), and e-mail. Nimda's payload appears to be the traffic slowdown itself - that is, it does not appear to destroy files or cause harm other than the considerable time that may be lost to the slowing or loss of traffic known as denial-of-service. With its multi-pronged attack, Nimda appears to be the most troublesome virus of its type that has yet appeared. Nimda arrives at an unprotected IIS server as a Web page containing some JavaScript code that executes when the page is opened, causing the code to be propagated to all other Web pages on the server. On any of these pages, the JavaScript causes an e-mail (EML) or newsgroup (NWS) browser to open in a zero-size window and to automatically reinitiate the virus toward other computers at random IP addresses. Nimda systematically explores other known IIS vulnerabilities and, if successful, causes an e-mail sent to all addresses listed in the Outlook address book. The e-mail includes an executable attachment (named readme.exe) that, if opened, results in further propagation. System administrators are advised to remove any infected system from operation until a new system with appropriate patches can be installed. Where a system is not yet infected, patches should be downloaded from Microsoft and applied. End users are warned not to open any e-mail attachment named "readme.exe". RELATED TERMS virus http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci213306,00.html Web server http://searchwebmanagement.techtarget.com/sDefinition/0,,sid27_gci213606,00.html Internet Information System http://searchwin2000.techtarget.com/sDefinition/0,,sid1_gci214020,00.html payload http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci214475,00.html JavaScript http://searchwebmanagement.techtarget.com/sDefinition/0,,sid27_gci212418,00.html IP address http://searchwebmanagement.techtarget.com/sDefinition/0,,sid27_gci212381,00.html ___________________ SELECTED LINKS The official advisory from CERT offers details. http://www.cert.org/body/advisories/CA200126_FA200126.html SearchSecurity.com provides an interview with Jim Reavis, a security expert. http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci770744,00.html In "Nimda moving fast, slams brakes on Net," Michael Mimoso interviews TruSecure's Surgeon General Russ Cooper. http://searchsecurity.techtarget.com/qna/0,289202,sid14_gci770749,00.html ___________________ ASK THE EXPERT Dear Ask the Expert, Our small company needs to outsource our Web services. I am absolutely overwhelmed by the 'best ever' offers from dozens of companies saying they can handle all our outsourcing needs and do it better than anyone else. Can you offer some guidelines about how I should go about narrowing the field? See expert Christine Pascarella's response: http://searchwebmanagement.techtarget.com/ateQuestionNResponse/0,289625,sid27_cid398730_tax287548,00.html _________________________ TECHTARGET SKILL-BUILDER Cisco Starter Kit This four course training kit will provide you with the basics of Cisco networking. Learn about the most current networking technologies, the fundamentals of IP routing, Cisco router configuration, and TCP/IP addressing. http://whatis.gofcs.com/products/by_category/LIBS/WTL003/index.html _________________________ RECENT ADDITIONS [1] seat management http://searchwindowsmanageability.techtarget.com/sDefinition/0,,sid33_gci770384,00.html [2] transparent computing http://whatis.techtarget.com/definition/0,,sid9_gci765426,00.html [3] pop-under http://searchwebmanagement.techtarget.com/sDefinition/0,,sid27_gci770425,00.html [4] blade server http://searchenterpriseservers.techtarget.com/sDefinition/0,,sid25_gci770169,00.html [5] magnetic field strength http://whatis.techtarget.com/definition/0,,sid9_gci763586,00.html ======================================================== If you would like to sponsor this or any techtarget newsletter, please contact Gabrielle DeRussy at [EMAIL PROTECTED] ======================================================== If you no longer wish to receive this newsletter simply reply to this message with "REMOVE" in the subject line. Or, visit http://WhatIs.techtarget.com/register and adjust your subscriptions accordingly. If you choose to unsubscribe using our automated processing, you must send the "REMOVE" request from the email account to which this newsletter was delivered. Please allow 24 hours for your "REMOVE" request to be processed.