Virus

   / Virus #2  
Bird, as far as I can see, it does not apply to WIN98/ME users. It is for the mail/network servers, etc. on WIN NT/2000.

UPDATE:
New Nimda worm info..... taken from three different webpages...

Sharon Ruckman, senior director of security response at Symantec Corp., said the virus is attacking in three different ways. It can arrive at a user’s PC via an e-mail with an attachment called “readme.exe.” If a user opens that attachment, Nimda then sends copies of itself to people in the victim’s address book, similar to Melissa or the LoveBug.
But the worm also starts scanning the Internet at that point, looking for vulnerable Web servers running Microsoft software, similar to Code Red.
And, if it worms its way onto a Web server, Nimda deploys a new attack strategy. It drops a file onto the Web site containing the malicious program. It then tries to automatically upload the infected file onto the machines of any visitors to the Web site.
By midday Tuesday, there were scattered reports of infected Web sites unknowingly uploading the virus to victims.
--------------------------------------------------------------------------------

RANDOM SUBJECT LINES
So far, most e-mails containing the worm include an attachment called “readme.exe.” But McGee said other attachment names have also been reported, suggesting the name is actually random. The subject line of the infected message and the body text in the message are also random — meaning Nimda-carrying e-mails arrive with no real distinguishing characteristics. That makes warning users extremely difficult.
And there are reports that this worm uses a new type of infection mechanism that attacks recipients even if they don’t open an attachment. UK-based GFI said in a research note that Nimda can infect users who view their e-mail through a reader that displays HTML, like Microsoft’s Outlook Express.
Antivirus research firm MessageLabs Inc. reported it had already trapped nearly 500 copies of the e-mail virus within hours after its discovery — a rapid rate of uptick compared to most viruses, but not to the epidemic levels of Melissa or the LoveBug.

--------------------------------------------------------------------------------

Aliases:
NIMDA.A, W32/Nimda.A@mm
Description:
This is preliminary information. This description will be updated as more information becomes available.

This Trojan spreads via email with an attachment readme.exe. It drops the file mepXXXX.tmp in the C:\Windows\Temp directory, which is an eml format mail. This temp file contains the file attachment sent by the worm.

The typical name of the file attachment is readme.exe but there have been reports of file attachments with the extensions .wav and .com. Wininit.ini contains an entry that sets one of the mepXXXX.tmp files to a null value.

Trend Micro recommends that customers block all executable files at this time.

Edited by scruffy on 09/18/01 04:22 PM (server time).
 
   / Virus #3  
Hey, buy a Macintosh, nobody wants to waste the time to attack our puny percentage-wise ranks!

Less time spent downloading virus patches, more time hearing the diesel run!

dig on

del
 
   / Virus #4  
Taken from another board that I frequent:
"W32.Nimda.A@mm is a new mass-mailing worm ...., and attempts to copy itself to unpatched Microsoft IIS web servers.
PC users should not worry unless you're operating an IIS server without the code red patch. (Not the casual desktop, you would be aware if you were running a web server!)"

The problem that I see, is that this virus can be passed to a server via the desktop PC....so we should probably try to corral and delete this on our PC if we find it.
 
   / Virus
  • Thread Starter
#5  
Thanks, Scruffy, I think? As you might guess, this is all Greek to me (my apologies to any of you who might be of Greek descent). I haven't even got this Dell broke to lead yet. I get e-mails all the time from friends and family warning of first one virus and then another, and at least 90% of the time, I go to Symantec's site and find it's a hoax. And I missed Ashcroft's press conference (at least I guess that's what it was), but my wife came and told me that Ashcroft was warning people about a virus that might be worse than Code Red.

And del, I have enough problems trying to figure out how to get this PC to work right; don't think I want to start trying to learn to operate an Apple.

Bird
 
   / Virus #6  
Bird, et al, The Nimda virus is a good reason to activate the 'personal' protection in your address book (this will prevent us from being a 'Typhoid Mary of Email').....I will include it here in case I forgot to post it before:

To avoid spreading computer viruses, create a contact in your email address book with the name: !0000 with no email address in the details.

This contact will then show up as your first contact in your address book. If a virus attempts to do a "send all" on your contact list, your pc will put up an error message saying that: "The Message could not be sent. One or more recipients do not have an e-mail address. Please check your Address Book and make sure all the recipients have a valid e-mail address."

You click on OK and the offending (virus) message will not be sent to anyone. Of course no changes have been made to your original contacts list. The offending (virus) message may then be automatically stored in your "Drafts" or "Outbox" folder. Go in there and delete the offending message. Problem is solved and virus is not spread.

Hopefully, this will be of benefit.
 
   / Virus #7  
Bird, the Macs are pretty easy to use, even now. A few years ago they were as simple as dirt; as with all computer programs (it seems), they are now bigger, fatter, slower and more complicated.

But you'll feel great with a Mac, like owning a grey market tractor, none of the "real" tractor owners will speak to you!

You may find that some of the locally available diesel won't work in your unit either.

But having just one main operating system with so many computers, it just invites this type of problem.

Actually the true rebels run UNIX/LINUX systems. The ram chips in my head are damaged so I have to stay with something I know (or think I know).

del
 
   / Virus #8  
Norton's, McAfee, MS all have updates posted for this virus.
General synopsis is to:
Nimda.......update your virus scanner, now!
This threat can infect all unprotected users of Win9x/NT/2000/ME via email propagation.

Details:

Upon execution it drops the file mepXXXX.tmp in the C:\Windows\Temp directory, which is an eml format mail. This temp file contains the file attachment sent by the worm mails. Wininit.ini has an entry that sets one of the meXXXXX.tmp.exe files to a null value, deleting one of the meXXXXX.tmp.exe files.

The typical name of the file attachment is readme.exe but there have been reports of file attachments with the extensions .wav and .com. Wininit.ini contains an entry that sets one of the mepXXXX.tmp files to a null value.

The worm propagates via email using its own SMTP engine and also through Messaging APIs. The Trojan carrying the email may be executed when opened using Microsoft Outlook or Outlook Express. It makes use of an exploit on these email clients when they try to display an email in html format that contains frames.

The worm also propagates through shared drives. Similar to PE_FUNLOVE.4099, the worm searches the network that the infected machine is connected to, for shared folders with write access. If one is found, a randomly named NWS (Newsgroup posting) or EML file is dropped. These dropped files also contain the worm as an attachment.

It can also spread to machines with IIS installed using the IIS Web Directory Traversal exploit.

The attachment attacks SERVERS it will NOT live in a personal pc .. but go out on your email addy book, searching for servers in your book, BUT will not do so REPEATEDLY from your machine .. on a SERVER it WILL repeatedly go out ... denial in service attack ... and as worms go .. it will ONLY go out on email .. BUT will NOT use your machine to generate denial in service attacks .. which is the REALLY bad part. They really do NO file damage .. just generates a HUGE volume of eMail from the server/web sites IF the web site is using NT or 2000.

Edited by scruffy on 09/18/01 06:23 PM (server time).
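
Added example, not part of the original thread or of any vendor's tooling: a mail-gateway style check in the spirit of the "block all executable files" recommendation quoted above. It also inspects attachment content, since the posts report the attachment arriving under other extensions such as .wav. The extension list, function names and sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy list; a real gateway would use its own.
BLOCKED_EXTENSIONS = (".exe", ".com", ".scr", ".pif", ".bat")

def is_executable_payload(data: bytes) -> bool:
    """DOS/Windows .exe files begin with the two bytes 'MZ'."""
    return data[:2] == b"MZ"

def blocked_attachments(raw: bytes):
    """Return [(filename, reason)] for parts a gateway should quarantine."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""  # undo base64 / quoted-printable
        if name.endswith(BLOCKED_EXTENSIONS):
            findings.append((name, "blocked extension"))
        elif is_executable_payload(data):
            # The name looks harmless but the content is a Windows executable.
            findings.append((name or "<unnamed>", "MZ header behind non-executable name"))
    return findings

def build_sample(filename, maintype, subtype, payload):
    """Constructed test message; subject, body and addresses are arbitrary."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m["From"] = "a@example.com"
    m["To"] = "b@example.com"
    m.set_content("body text")
    m.add_attachment(payload, maintype=maintype, subtype=subtype, filename=filename)
    return m.as_bytes()

FAKE_EXE = b"MZ" + b"\x00" * 62  # inert bytes carrying only the MZ magic
SAMPLES = {
    "readme.exe": build_sample("readme.exe", "application", "octet-stream", FAKE_EXE),
    "readme.wav": build_sample("readme.wav", "audio", "x-wav", FAKE_EXE),
    "notes.txt": build_sample("notes.txt", "application", "octet-stream", b"plain notes"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, blocked_attachments(raw))
```

The content check only recognises MZ-format executables; a raw .com program has no such header, so that case is covered by the extension list alone.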
 
   / Virus
  • Thread Starter
#9  
All right, Scruffy! I can understand that (and did it).

Bird
 
   / Virus
  • Thread Starter
#10  
When I posted the initial message, I had checked and Symantec didn't have a virus definition for it to update my Norton AntiVirus; now it says they do, so I guess I'll update it in a few minutes.

Bird
 
 