Subject: | |
From: | |
Reply To: | |
Date: | Wed, 19 Sep 2001 08:20:39 -0400 |
Content-Type: | multipart/alternative |
Parts/Attachments: |
|
|
WEDNESDAY, SEPTEMBER 19: * Help Desk ALERT: a very destructive
Internet worm called W32/Nimda@MM was identified yesterday and is
classified by McAfee.com as a High Risk. It may be a variant of, or
related to, the nasty CodeRed worm. It copies itself to the WINDOWS
SYSTEM directory as LOAD.EXE and creates a SYSTEM.INI entry to load
itself at startup:
Shell=explorer.exe load.exe -dontrunold
Quoting from McAfee.com:
"This threat can infect all unprotected users of Win9x/NT/2000/ME.
Its main goal is simply to spread over the Internet and Intranet,
infecting as many users as possible and creating so much traffic that
networks are virtually unusable.
...
The email messages created by the worm specify a content-type of
audio/x-wav and contain an executable attachment type. Thus when a
message is accessed, the attachment can be executed without the
user's knowledge. Simply viewing the page in Microsoft Outlook or
Microsoft Outlook Express using the preview pane can infect you. "
In other words, this appears to be a really vicious critter, capable
of reproducing and infecting even if you don't open an email
attachment.
There are patches to Outlook Express. This is not an endorsement of a
specific product, but there is more information at
http://www.McAfee.com
|
|
|