ENG-LIVERPOOL-L Archives



From: "Terry Heath" <>
Subject: [ENG-LIV] Re: ENG-LIVERPOOL-D Digest V01 #478
Date: Wed, 19 Sep 2001 22:33:49 +0100
References: <200109191547.f8JFljk17136@lists5.rootsweb.com>


Listers,
Extract from "Woody's Watch", a USA site.
This version appears to be a humdinger and must be guarded against without
delay, especially by those who run Office and Outlook Express.

Terry Heath
Cheltenham UK
===========#
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1. WHAT'S A NIMDA?
I've just had a chance to look at Nimda, the latest worm to
hit the scene. The major antivirus software companies are
all raising red flags. It sure sounds like a hum-dinger.
Depending upon whom you believe, Nimda uses a dozen or more
methods to transmit itself.

Although details are continuing to come in (and, to my
jaundiced eye, it appears that many of the "facts" being
reported have a very hollow ring about them) we've combined
the more authoritative information available with our own
experience of Nimda to give WOW readers a look at what is
happening, what to watch for and how to protect yourself.

It's pretty clear that Nimda uses at least two "vectors" or
infection methods that Office users need to be concerned
about:

First and foremost, it can come in a formatted (HTML) email
message. The message itself has random gibberish for a
subject, no text in the body, and the From: address can
indicate that it came from just about anybody (not
necessarily the person who sent you the infected message).
Here's the killer. According to several reports, the
message uses a well-known Outlook and Outlook Express
security hole to infect your PC, even if you don't open the
message. It's possible that all you have to do is see the
message in Outlook's preview pane and ZAP! you get hit.
Bummer.

Like I said, I haven't had the, uh, opportunity to take a
close look at Nimda, so I won't swear that it's capable of
zapping your PC if you simply preview an infected message.
That kind of infection *is* possible - I've talked
about it in WOW before - and you should take steps to
ensure that the security hole is plugged on your PC.

Second, apparently Nimda can also hijack Web pages and rig
things so anybody looking at an infected page will be asked
if they want to download an Outlook Express email file
(.eml file). Of course, that file is infected. Presumably
it uses an infection method similar to the method outlined
above.

Nimda does a lot more. For example, it travels like the
Code Red and Code Red II worms, infecting older (unpatched)
versions of Microsoft's Internet Information Server. It
also spreads on network shares. Your network
administrator(s) get to deal with that stuff. I don't envy
them.

Nimda doesn't appear to destroy any data directly. The big
problem being reported lies in the volume of Internet and
network activity it generates.
======================#
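As an added defender-side example, not part of the original mailing-list post or of Woody's Watch: a small Python triage function that checks a raw message for the combination the extract describes (an HTML-formatted message with no visible body text that carries an attached Outlook Express .eml file). The two sample messages and the flagging rule are constructed for illustration and contain only placeholder text.

```python
import re
from email import message_from_bytes, policy

# Constructed sample in the shape the extract describes: HTML body with no
# visible text, gibberish subject, attached .eml file (placeholder content).
SUSPECT_RAW = b"""From: anyone@example.invalid
To: you@example.invalid
Subject: xq9fjk2lw
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BND"

--BND
Content-Type: text/html

<html><body></body></html>
--BND
Content-Type: message/rfc822; name="readme.eml"
Content-Disposition: attachment; filename="readme.eml"

From: inner@example.invalid
Subject: inner

placeholder
--BND--
"""

# Constructed benign plain-text message for comparison.
BENIGN_RAW = b"""From: friend@example.invalid
To: you@example.invalid
Subject: Family tree question
Content-Type: text/plain

Do you have the 1881 census entry for the Heath family?
"""

EML_NAME = re.compile(r"\.eml$", re.IGNORECASE)

def triage(raw: bytes) -> dict:
    """Return the indicators found in one raw RFC 822 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    is_html = body is not None and body.get_content_type() == "text/html"
    text = body.get_content() if body is not None else ""
    visible = re.sub(r"<[^>]+>", "", text).strip()  # crude tag stripping
    eml_files = [p.get_filename() for p in msg.iter_attachments()
                 if p.get_filename() and EML_NAME.search(p.get_filename())]
    indicators = {"html_body": is_html, "empty_body": visible == "",
                  "eml_attachment": bool(eml_files)}
    # Constructed rule: flag only when all three indicators are present.
    return {"subject": str(msg["subject"] or ""), "indicators": indicators,
            "eml_files": eml_files, "flag": all(indicators.values())}
```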