URGENT VIRUS MESSAGE!

#1 · September 19, 2001, 3:02 am

Quote from Forum Archives on September 19, 2001, 3:02 am
Posted by: lifeunlimited <lifeunlimited@...>

Friends:

I'm taking the liberty of forwarding this urgent virus warning I just received from my newsletter service provider. I also saw a report today about it on CNN. It's a real bear. Watch out!

Bob

Bob Tolliver -- Rom 1:11-12
Life Unlimited Ministries
[email protected]
Do You Get "Shoulder To Shoulder"?
----- Original Message -----
From: Glen Stewart
To: [email protected]
Sent: Tuesday, September 18, 2001 5:56 PM
Subject: [Moderator] Web tool enhancement & Nimda virus news

Also, there's yet another Windows Web Server virus rampant on the web today.
It's spreading like wildfire and slowing down parts of the Internet from what
I can tell.

Here's details:

A mass mailing email worm that contains exploit components from the infamous
Code Red worm has appeared on the Internet, and appears to be spreading fast.

Nimda, which spreads though an infected email attachment, appears at the
user's In-box with a random subject line and no body text. It comes with
attachments called readme.exe and an HTML file. Users are advised to open
neither and delete suspicious emails.

The malicious code contains an exploit string similar to that in the Code Red
worm which is causing software tools that detect Code Red to "light up like
Christmas trees", we hear.

MessageLabs, a managed services firm which scans its customers email for
viruses, has intercepted 164 copies of the virus so far, after it first
appeared this afternoon, possibly originating from Korea.

Graham Cluley, senior technology consultant at Sophos, said early analysis
suggested the virus tries to add malicious JavaScript to Web pages on IIS
servers that are vulnerable to the Code Red worm. But how the virus works
remains unclear.

AV software vendors are busily updating their software to detect the worm. ®

Update
An increase in port 80 scanning relating to the Nimda worm - which attempts
to hit IIS boxes with many different exploits - has been reported by CERT.
Its scanning activities might result in some overall slowdown of the Internet.

Central Command has published a more detailed description of the worm which
states that although the body of an email appears blank, it contains code
that will execute if a user views a message in either Outlook or Outlook
Express.

To spread, Nimda uses MAPI (Mailing API) functions in order to extract email
addresses, according to Central Command.

Another method to spread is by using a Unicode Web Traversal exploit similar
to Code Blue targets which, as previously reported, tries to reprogramme
systems previously infected by the Code Red worm.

--
welovegod.org - THE Place to Associate! welovegod.org
Over 150 Inspirational/Technical E-mail Lists welovegod.org/lists.shtml

--
To unsubscribe, send ANY message to <[email protected]>

Posted by: lifeunlimited <lifeunlimited@...>

Friends:

I'm taking the liberty of forwarding this urgent virus warning I just received from my newsletter service provider. I also saw a report today about it on CNN. It's a real bear. Watch out!

Bob

Bob Tolliver -- Rom 1:11-12
Life Unlimited Ministries
[email protected]
Do You Get "Shoulder To Shoulder"?
----- Original Message -----
From: Glen Stewart
To: [email protected]
Sent: Tuesday, September 18, 2001 5:56 PM
Subject: [Moderator] Web tool enhancement & Nimda virus news

Also, there's yet another Windows Web Server virus rampant on the web today.
It's spreading like wildfire and slowing down parts of the Internet from what
I can tell.

Here's details:

A mass mailing email worm that contains exploit components from the infamous
Code Red worm has appeared on the Internet, and appears to be spreading fast.

Nimda, which spreads though an infected email attachment, appears at the
user's In-box with a random subject line and no body text. It comes with
attachments called readme.exe and an HTML file. Users are advised to open
neither and delete suspicious emails.

The malicious code contains an exploit string similar to that in the Code Red
worm which is causing software tools that detect Code Red to "light up like
Christmas trees", we hear.

MessageLabs, a managed services firm which scans its customers email for
viruses, has intercepted 164 copies of the virus so far, after it first
appeared this afternoon, possibly originating from Korea.

Graham Cluley, senior technology consultant at Sophos, said early analysis
suggested the virus tries to add malicious JavaScript to Web pages on IIS
servers that are vulnerable to the Code Red worm. But how the virus works
remains unclear.

AV software vendors are busily updating their software to detect the worm. ®

Update
An increase in port 80 scanning relating to the Nimda worm - which attempts
to hit IIS boxes with many different exploits - has been reported by CERT.
Its scanning activities might result in some overall slowdown of the Internet.

Central Command has published a more detailed description of the worm which
states that although the body of an email appears blank, it contains code
that will execute if a user views a message in either Outlook or Outlook
Express.

To spread, Nimda uses MAPI (Mailing API) functions in order to extract email
addresses, according to Central Command.

Another method to spread is by using a Unicode Web Traversal exploit similar
to Code Blue targets which, as previously reported, tries to reprogramme
systems previously infected by the Code Red worm.

--
welovegod.org - THE Place to Associate! welovegod.org
Over 150 Inspirational/Technical E-mail Lists welovegod.org/lists.shtml

--
To unsubscribe, send ANY message to <[email protected]>