[GFISEC] Nimda worm analysis

  • From: "Sandro Gauci" <sandro@xxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 20 Sep 2001 11:39:02 +0200

Hi all,

We posted the following description of the recent Nimda worm, which includes a 
few details I did not see on other posts:

"This new worm took everyone by surprise. It is one of the first few to infect 
both client and server computers, making it highly effective in spreading fast, 
and almost automatically, without the need for user intervention. It makes use 
of 2 security vulnerabilities in Microsoft products, the IIS Unicode 
Vulnerability, as well as another vulnerability in Internet Explorer and 
Windows Media Player 6.4 (which is included with Windows 2000). This worm also 
makes use of hosts previously infected by Code-Red II as well as infection 
through the NETBIOS protocol."

Further details: http://www.gfi.com/press/nimdaworm.htm

Kind Regards

Sandro Gauci
GFI Security Labs
http://www.gfi.com





