[tri-wings] ADMIN - Virus Alert
- From: "Karen Schuler" <karens@xxxxxxxxxxxxxxxx>
- To: "Tri-med" <Tri-Med@xxxxxxxxxxxxx>,"Tri-Family" <Tri-Family@xxxxxxxxxxxxx>,"Tri-Wings" <tri-wings@xxxxxxxxxxxxx>,"Tri-Mosaic" <tri-mosaic@xxxxxxxxxxxxx>
- Date: Fri, 28 Sep 2001 08:40:00 +1000
http://www.infoworld.com/articles/hn/xml/01/09/27/010927hnnimbda.xml?0927alert
Researchers say Nimda set to propagate again
By Deborah Radcliff, Computerworld online
September 27, 2001 10:52 am PT
RESEARCHERS HAVE DISCOVERED a third vector to the Nimda worm, which is set to
propagate again through e-mail at 1 a.m. ET Friday.
"We rechecked the code base to Nimda, and we found a code set that is supposed
to respread Nimda through e-mail systems starting 10
days after machines were first infected," said Oliver Friedrichs, director of
engineering at the Attack Registry and Intelligence
Service. That service is sponsored by SecurityFocus, a business security firm
in San Mateo, Calif.
Ten days after first infecting machines, the worm will attempt to respread
itself through readme.exe attachments, with the same
payload as its original mail-based infection.
The impact could be significant or minute, depending on how well the IT
community has cleaned systems and patched Microsoft IIS
(Internet Information Server) and Outlook programs. The 10-day vector will
likely be less severe than Nimda was the first time
because more systems have been patched against the vulnerabilities, Friedrichs
said.
But because Nimda has spread itself to so many places on computers, networked
systems may not have been cleaned enough to prevent
widespread mailings of the virus. Therefore, Friedrichs advised IT managers to
do the following:
-- Double-check their patches.
-- Make sure their anti-virus software blocks Nimda.
-- Block executables files at the e-mail gateway.
-- Alert users not to preview or open any attachments that say readme.exe.
Building ___ooOOoo__ Rainbows
www.trisomyonline.org
Families Helping Families On-line
Other related posts: