And Now: The "W32.Nimda" Virus


kamiam

Banned
Dec 12, 1999
2,638
0
0


<< Although only Windows systems are affected, this time this worm includes Windows desktops, servers, etc., whether running IIS or not (unlike Code Red). Viewing a page from an infected IIS server may be enough to infect a desktop system, because of the applet the virus launches >>

WORD UP!! I just did a scan and came up with 5 bookmarked web pages that were infected... and they were local govt sites... stupid IS people
 

Amused

Elite Member
Apr 14, 2001
57,504
20,107
146
Am I correct in reading that IE 5.5 SP2 is not vulnerable to this virus?
 

Kelvrick

Lifer
Feb 14, 2001
18,422
5
81


<< Both my servers are getting hammered with attempts right now. Damn, just when Code Red had finally slowed down.

Shux posted this URL scan tool. It uses rule sets to bounce these requests and turns them into tidy little 404s. It will help keep your log file size down.

Russ, NCNE
>>



Both mine too. I had to unplug 'em from the network. I'll work on cleansing 'em tomorrow. FVCK! It's gonna take forever, since the log files have totally bogged down the comp. The MOUSE jerks!
 

Medea

Golden Member
Dec 5, 2000
1,606
0
0
<< Am I correct in reading that IE 5.5 SP2 is not vulnerable to this virus? >>

From Incidents.org:

[Re: email attachments]: Any x86 email software that uses IE 5.5 SP1 or earlier to display HTML messages will automatically execute the malicious attachment if the message is merely opened or previewed. This happens because the worm MIME encodes the attachment to take advantage of a known vulnerability called "Automatic Execution of Embedded MIME Types".

[Re: surfing]: If the worm successfully infects a web server, it uses the HTTP service to propagate itself to clients who browse the web server's pages. Upon infecting a victim server, the worm creates a copy of itself named "readme.eml" and traverses the directory tree (including network shares) searching for web-related files such as those with .html, .htm, or .asp extensions. Each time the worm finds a web content file, it appends a piece of JavaScript to the file. The JavaScript forces a download of readme.eml to any client that views the file via a browser. Some versions of Internet Explorer will automatically execute the readme.eml file and allow the worm to infect the client. The IE vulnerability issue here is the same as in the email propagation mechanism; that is, IE 5.5 SP1 or earlier is vulnerable to the "Automatic Execution of Embedded MIME Types" problem. Allowing JavaScript in the browser enables the attack to take advantage of the vulnerability.

Internet Explorer users should be careful to use a version of the browser that is secured against the "Automatic Execution of Embedded MIME Types" vulnerability. Microsoft recommends upgrading to IE 5.5 SP2 or IE 6.0 to avoid problems.
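The Incidents.org note above describes two artifacts a defender can look for on a web server: web content files (.html, .htm, .asp) with an appended script that pulls in readme.eml, and stray .eml files (which, as a later post in this thread reports, carry README.EXE as a MIME attachment). The following scanner is an added example written for this page, not a tool from the thread or from Incidents.org. It assumes the injected script mentions "readme.eml" inside a script element (a heuristic, not the worm's exact signature), and it builds a constructed sample web root in a temporary directory so it runs offline.

```python
import email
import re
import tempfile
from email.message import EmailMessage
from pathlib import Path

# Extensions the Incidents.org note names as targets (assumption: not an exhaustive list)
WEB_EXTENSIONS = {".html", ".htm", ".asp"}

# The note says the appended JavaScript forces a download of readme.eml. This
# heuristic flags any <script> element that mentions that file name; it is a
# detection rule written for this example, not the worm's exact signature.
INJECTED_SCRIPT_RE = re.compile(
    r"<script\b[^>]*>.*?readme\.eml.*?</script>", re.IGNORECASE | re.DOTALL
)


def eml_has_exe_attachment(path):
    """True if the .eml at `path` carries a MIME part whose filename ends in .exe."""
    with open(path, "rb") as fh:
        msg = email.message_from_bytes(fh.read())
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(".exe"):
            return True
    return False


def scan_web_root(root):
    """Walk `root` and report web files with an injected readme.eml script,
    every .eml file found, and the subset of .eml files with an .exe attachment."""
    report = {"tampered": [], "eml_files": [], "eml_with_exe": []}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        suffix = path.suffix.lower()
        if suffix == ".eml":
            report["eml_files"].append(str(path))
            if eml_has_exe_attachment(path):
                report["eml_with_exe"].append(str(path))
        elif suffix in WEB_EXTENSIONS:
            text = path.read_text(errors="replace")
            if INJECTED_SCRIPT_RE.search(text):
                report["tampered"].append(str(path))
    for key in report:
        report[key].sort()
    return report


def build_sample_eml():
    """Constructed .eml: a text body plus a dummy attachment named README.EXE."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("sample body")
    msg.add_attachment(b"MZ\x00\x00", maintype="application",
                       subtype="octet-stream", filename="README.EXE")
    return msg.as_bytes()


def build_sample_webroot():
    """Constructed web root: one clean page, one page with an appended script
    referencing readme.eml, a stray readme.eml beside it, and a clean .asp page."""
    site = Path(tempfile.mkdtemp(prefix="nimda_demo_")) / "site"
    (site / "sub").mkdir(parents=True)
    (site / "index.html").write_text("<html><body>Welcome</body></html>\n")
    (site / "sub" / "page.htm").write_text(
        "<html><body>Hi</body></html>\n"
        # stand-in for the appended payload, written for this example only
        '<script>window.open("readme.eml");</script>\n'
    )
    (site / "sub" / "readme.eml").write_bytes(build_sample_eml())
    (site / "about.asp").write_text("<html><body>About</body></html>\n")
    return str(site)


if __name__ == "__main__":
    report = scan_web_root(build_sample_webroot())
    for key, paths in report.items():
        print(f"{key}: {paths}")
```

Run it against a real document root by calling `scan_web_root("/path/to/wwwroot")` instead of the constructed sample; because the worm also walks network shares, the same scan is worth running on any share the server can write to. A hit in "tampered" means the page itself was modified and needs to be restored from a known-good copy, not just the .eml removed.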


 

kranky

Elite Member
Oct 9, 1999
21,020
156
106
We found 3300+ renegade .eml files on the server that this virus created, owned by some nitwit that got infected. PITA. All the .eml files had README.EXE embedded in them.
 

ChrichtonsGirl

Platinum Member
Aug 24, 2000
2,454
1
0
Grrr. :|

I ran my usual scan this morning (which supposedly found nothing), upgraded to IE 6, then immediately got the blue screen of death. Every time I start up, I get the damn thing now.

 

Fausto

Elite Member
Nov 29, 2000
26,521
2
0
Hehe. Just received an email that the Federal Credit Union's internal web site here at the CDC is infected and shut down until further notice.

We get nailed every time there's a new virus as some stupid secretary will open the thing, it finds the CDC GLOBAL address book in outlook and proceeds to mail itself to most of that list (1000's of people). Meanwhile the moron that opened it sits and wonders why outlook is so slow that day. Then the IT guys shut everything down and clean up the mess over a period of days. Two weeks later, another moron who was on sabbatical while all this was going on, comes back to work, sees an attachment in an email that looks interesting, opens it, and starts the whole process over again. :|

This doesn't do much to discount the rumors that federal employees are stupid, does it?

Fausto
 

Russ

Lifer
Oct 9, 1999
21,093
3
0


<< This doesn't do much to discount the rumors that federal employees are stupid, does it? >>



Trust me, private employees are just as bad.

I'll tell you, though, the individual user who opens an attachment doesn't piss me off nearly as much as the Admin who's too damned lazy or ignorant to patch his server. I think ISPs should have a zero tolerance policy. Your server gets infected, your pipe is nuked until you get it cleaned up.

Russ, NCNE

 

Medea

Golden Member
Dec 5, 2000
1,606
0
0
<< Anyone got any news on the cleanup procedure? >>

By all means, download this cleaner.

I was feeling pretty confident that I hadn't been infected until I ran this program and discovered that I had been infected. It found the file, cleaned and deleted it.
 

Medea

Golden Member
Dec 5, 2000
1,606
0
0
<< when will people learn DONT OPEN SH|T FROM YOUR EMAIL! >>

OmegaCode -

Read the earlier posts. You can get infected by Nimda from opening - or previewing - email when using a vulnerable emailer.
 

TRUMPHENT

Golden Member
Jan 20, 2001
1,414
0
0


<< Dammit! Does this mean another 400 warnings a day from Zone Alarm?!? >>



Just turn off Zone Alarm and Fo'get about it.
 

clarkmo

Platinum Member
Oct 27, 2000
2,615
2
81


<< when will people learn DONT OPEN SH|T FROM YOUR EMAIL! >>


when will people learn DONT WRITE SH|T WITHOUT READING THREAD! ;)
I dunno how many people said the same thing in this and other threads. It infected WORD DOCUMENTS on a pc here.
 

UnixFreak

Platinum Member
Nov 27, 2000
2,008
0
76


<< Although only Windows systems are affected, this time this worm includes Windows desktops, servers, etc. >>



I am not so sure about that... as much as I really hate to say it... I just got an email from a fellow admin at my company up in Washington that says it's replicating on our UNIX servers... not confirmed that it's Nimda, I haven't heard back from him, but it could be worse than we thought.
 

phlashphire

Golden Member
Jun 6, 2000
1,055
0
0
My company lost two days of productivity to Nimda. We were hit several hours before the virus defs came out... the networking dept had one helluva time cleaning the infected workstations as well as the NT and Novell servers.
It's amazing how virus programmers are getting more and more sophisticated these days...
 

Beau

Lifer
Jun 25, 2001
17,730
0
76
www.beauscott.com
Had a run-in with it today on my server farm. It's a mean virus. First one that I have seen that you can get from just looking at an infected website!
 

If you have not patched your machine with 3-YEAR-OLD PATCHES, you DESERVE to get this virus. The admins are getting paid WAY TOO MUCH to not do their work.