[THIN] Re: nirit ...a virus?

  • From: "Rob Beekmans" <robbeekmans@xxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Mon, 14 Oct 2002 20:35:09 +0200

Further on from the site:


If you visit a compromised Web server, you will be prompted to download
an .eml (Outlook Express) email file, which contains the worm as an
attachment. You can disable "File Download" in your Internet Explorer
internet security zones to prevent this compromise.

Also, the worm will create open network shares on the infected computer,
allowing access to the system. During this process the worm creates the
guest account with Administrator privileges.


Regards
Rob

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Rob Beekmans
Sent: Monday, 14 October 2002 20:29
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: nirit ...a virus?



http://www.symantec.com/avcenter/venc/data/w32.nimda.a@xxxxxxx

Look at this one.....might be

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Mario Villarreal
Sent: Monday, 14 October 2002 20:16
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: nirit ...a virus?



.eml

I don't want to open it

I didn't create this one ;-) j/k
What scares me is we had a disgruntled employee leave right about the
time our problems started. He was an MCSE working in our accounting
department.

-----Original Message-----
From: Rob Beekmans [mailto:robbeekmans@xxxxxxxxxxxxx]
Sent: Monday, October 14, 2002 11:07 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: nirit ...a virus?



Me neither, can you specify what kind of extension it has?

Did you create a virus????...LOL

Regards
rob

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Schneider, Chad M.
Sent: Monday, 14 October 2002 19:39
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: nirit ...a virus?



Never heard of it, and can find no information regarding it.

-----Original Message-----
From: Mario Villarreal [mailto:MarioV@xxxxxxxxx]
Sent: Monday, October 14, 2002 12:36 PM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] nirit ...a virus?


Hi
We just found over 3000 files named nirit on our Citrix server. It
appears to be an Outlook or email message. Has anyone seen or heard of
a virus similar to this? Please help.
Mario


**********************************************
This week's sponsor 99Point9.com
99Point9 helps solve your unresolved technical
server-based questions, issues and incidents. http://www.99point9.com
***********************************************

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link.

http://thethin.net/citrixlist.cfm
