Madinat al-Muslimeen Islamic Message Board
|Virus Alert - W32.Nimda.A@mm Worm|
|09/19/01 at 02:11:50|
|Symantec Security Response has received a number of submissions on W32.Nimda.A.@mm and is rating it as a Category 4.|
W32.Nimda.A@mm is a new mass-mailing worm that utilizes multiple methods to spread itself. The worm sends itself out by email, searches for open network shares, attempts to copy itself to unpatched or already vulnerable Microsoft IIS web servers, and is a virus infecting both local files and files on remote network shares.
The worm uses the Unicode Web Traversal exploit. A patch and information regarding this exploit can be found at http://www.microsoft.com/technet/security/bulletin/ms00-078.asp.
When the worm arrives by email, the worm uses a MIME exploit allowing the virus to be executed just by reading or previewing the file. Information and a patch for this exploit can be found at http://www.microsoft.com/technet/security/bulletin/MS01-020.asp
Users visiting compromised Web servers will be prompted to download an .eml (Outlook Express) email file, which contains the worm as an attachment. Users can disable 'File Download' in their internet security zones to prevent compromise.
Also, the worm will create open network shares on the infected computer, allowing access to the system. During this process the worm creates the guest account with Administrator privileges.
Individual posts do not necessarily reflect the views of Jannah.org, Islam, or all Muslims. All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the poster and may not be used without consent of the author.The rest © Jannah.Org