Fwd: Nimda.A Worm Update. Delete if uninterested.

[Guest guest]

--- support wrote:

> Reply-to: support

> support

> Win32.Nimda.A Worm Update

> socheid

>

> =====================

> Win32.Nimda Worm Update

> =====================

>

> New email worm called Nimda has been with us for almost a week now and

> Computer Associates have released number of updates in order to combat

> this latest virus attack

>

> Win32.Nimda worm uses multiple mechanisms in order to spread: email, web

> servers and file shares. Means have been exploited by using known

> Microsoft vulnerabilities. If you haven't already installed the

> appropriate updates and/or patches, your computer can become infected.

>

> * Email: Infected machine attempts to distribute virus to other users by

> sending copies of the worm via email. When a user views an HTML e-mail

> carrying the worm or visits an infected Web site, Internet Explorer may

> launch the attached program executing the Nimda.A code (from the

> program: readme.exe). This is due to the " Incorrect MIME Header "

> vulnerability in Microsoft Internet Explorer 5.01 and 5.5.

>

> * Web servers: Infected machine attempts to find vulnerable Internet

> Servers via randomly selected IP addresses by exploiting known security

> vulnerability in Internet Information Server. Once infected, a web

> server will attempt to infect the machines of any users that visit it.

>

> * File shares: Infected machine searches for systems with open shares

> and inserts infected files to it.

>

> ===================================================

> Actions to take in order to protect against Nimda worm: End Users

> ===================================================

>

> * Update Internet Explorer by installing any of the following:

> - Internet Explorer 6

> - Internet Explorer 5.01 Service Pack 2

> - Internet Explorer 5.5 Service Pack 2

> - The patch provided in Microsoft Security Bulletin MS01-020.

> - The patch provided in Microsoft Security Bulletin MS01-027.

>

> * Don’t open email attachments. Nimda worm arrives as an attachment

> named readme.exe. Do not run this file.

>

> * Disable Active Scripting. In order to avoid infection by browsing

> infected web pages Active Scripting can be disabled in Internet

> Explorer.

>

> * Restrict file sharing privileges. If you have file shares that are not

> needed remove them. Make sure that you have given as few privileges as

> possible.

>

>

> For detailed information about Win32.Nimda refer to:

> http://my-etrust.com/products/encyclopedia/virusinfo/encyclopedia

>

> =============================================

>

> Additional information on viruses, worms, and

> Trojan horses can be found at the Computer

> Associates Virus Information Center:

> http://www.ca.com/virusinfo/

>

> For more detailed virus information and

> specialized removal instructions, visit:

> http://www.ca.com/virusinfo/virusalert.htm

>

> Carnegie Mellon Software Engineering Institute

> (CERT® Coordination Center):

> http://www.cert.org/advisories/

 

=====

Free antivirus software at www.grisoft.com

 

Free firewall software at www.zonealarm.com

 

Check against email hoaxes at www.stiller.com/hoaxes.htm

 

or www.scambusters.org/legends.html

 

 

 

Get email alerts & NEW webcam video instant messaging with Messenger.

http://im.

[Guest guest]

--- Phil Lawrence <> wrote:

> Phil Lawrence <>

> Re: Fwd: Nimda.A Worm Update.

> Tue, 25 Sep 2001 16:33:52 +0200

>

> If anyone is worried that they have been infected by the Nimda worm they

> should download a bespoke utility which searches for and eliminates the

> intruder. The link is

> http://www.zdnet.com/downloads/stories/info/0,10615,86396,00.html and

> the

> file is a product of Symantec (Norton Anti-Virus etc.) so there should

> be no

> worries over its ability to complete the intended task.

>

> Phil

 

=====

Free antivirus software at www.grisoft.com

 

Free firewall software at www.zonealarm.com

 

Check against email hoaxes at www.stiller.com/hoaxes.htm

 

or www.scambusters.org/legends.html

 

 

 

Get email alerts & NEW webcam video instant messaging with Messenger.

http://im.