Message: < previous - next > : Reply : Subscribe : Cleanse
Home   : September 2001 : Group Archive : Group : All Groups

From: "Bob Tolliver" <lifeunlimited@...>
Date: Wed, 19 Sep 2001 00:02:17 -0700

I'm taking the liberty of forwarding this urgent virus warning I just received from my newsletter service provider.  I also saw a report today about it on CNN.  It's a real bear.  Watch out!


Bob Tolliver -- Rom 1:11-12
Life Unlimited Ministries
Do You Get "Shoulder To Shoulder"?
----- Original Message ----- 
From: Glen Stewart 
To: moderator@... 
Sent: Tuesday, September 18, 2001 5:56 PM
Subject: [Moderator] Web tool enhancement & Nimda virus news

Also, there's yet another Windows Web Server virus rampant on the web today.
It's spreading like wildfire and slowing down parts of the Internet from what 
I can tell.

Here's details:

A mass mailing email worm that contains exploit components from the infamous 
Code Red worm has appeared on the Internet, and appears to be spreading fast.

Nimda, which spreads though an infected email attachment, appears at the 
user's In-box with a random subject line and no body text. It comes with 
attachments called readme.exe and an HTML file. Users are advised to open 
neither and delete suspicious emails.

The malicious code contains an exploit string similar to that in the Code Red 
worm which is causing software tools that detect Code Red to "light up like 
Christmas trees", we hear.

MessageLabs, a managed services firm which scans its customers email for 
viruses, has intercepted 164 copies of the virus so far, after it first 
appeared this afternoon, possibly originating from Korea.

Graham Cluley, senior technology consultant at Sophos, said early analysis 
suggested the virus tries to add malicious JavaScript to Web pages on IIS 
servers that are vulnerable to the Code Red worm. But how the virus works 
remains unclear.

AV software vendors are busily updating their software to detect the worm. ®

An increase in port 80 scanning relating to the Nimda worm - which attempts 
to hit IIS boxes with many different exploits - has been reported by CERT. 
Its scanning activities might result in some overall slowdown of the Internet.

Central Command has published a more detailed description of the worm which 
states that although the body of an email appears blank, it contains code 
that will execute if a user views a message in either Outlook or Outlook 

To spread, Nimda uses MAPI (Mailing API) functions in order to extract email 
addresses, according to Central Command.

Another method to spread is by using a Unicode Web Traversal exploit similar 
to Code Blue targets which, as previously reported, tries to reprogramme 
systems previously infected by the Code Red worm.

Associate.com - THE Place to Associate!                   http://associate.com
Over 150 Inspirational/Technical E-mail Lists http://associate.com/lists.shtml

To unsubscribe, send ANY message to <moderator-unsubscribe@...>