posted
I was just watching a show on tv and they said this virus can't be detected yet by anti-virus software. It mainly goes after servers running Microsoft products and also Internet Explorer 5 and Outlook Express. You don't even have to open the attachment to get it. The only way to keep from getting it is to update IE and Outlook Express to the newest updates.
Guess what I've been doin'
-------------------- Ace Graphics & Printing Camdenton, MO. USA
posted
In my opinion any e-mail program that automatically opens e-mail and attachments should not be used. Outlook Express is one of these programs.
Bill
-------------------- Bill & Barbara Biggs Art's Sign Service, Inc. Clute, Texas, USA Home of The Great Texas Mosquito Festival Proud 10 year Supporter of the Letterheads Website www.artssigns.com "MrBill-" on the chat page MailTo:biggsbb@sbcglobal.net Posts: 1020 | From: Lake Jackson,Tx | Registered: Nov 1998
This threat can infect all unprotected users of Win9x/NT/2000/ME.
This is a HIGH RISK virus that is spread via email. The infected email can come from addresses that you recognize. W32/Nimda@MM also spreads via open shares, the Microsoft Web Folder Transversal vulnerability (also used by W32/CodeBlue), and a Microsoft content-type spoofing vulnerability. The email attachment name varies and may use the icon for an Internet Explorer HTML document.
Customizing the program file extension list using VirusScan 4.5 (and higher) may result in a lack of protection against this Trojan. As always, AVERT recommends that users configure VirusScan to scan all files. If this is not an option in your environment, the default extension list should be used.
What can this virus do?
It attempts to create a share (c , and checks for the presence of the Trojan dropped by the W32/CodeRed.c worm. It will attempt to spread itself as follows: The email messages created by the worm specify a content-type of audio/x-wav with an executable attachment type. Thus when a message is accessed, the attachment can be executed even if the user does not open it and without the user's knowledge.
It adds JavaScript code to HTML documents, which opens a new browser window containing the infectious email message itself (taken from the dropped file README.EML). When this infected window is accessed (locally or remotely), the machine viewing the page is then infected.
Once infected, your system is used to seek out others to infect over the web. As this creates a lot of port scanning, this can cause a network traffic jam.
It creates a SYSTEM.INI entry to load the worm at startup: Shell=explorer.exe load.exe -dontrunold
A MIME encoded version of the worm is created in each folder on the drive (often as README.EML, can also be .NWS files). Certain executable files are selected by the worm and altered.
The virus contains the string: Concept Virus (CV) V.5, Copyright (C) 2001 R.P.China
The copy paste and uploaded side of the Moon
-------------------- The Moon aka: Stefenie Harris Moonlight Designs Pollock Pines, CA learnin' somethin' new every day! stefenie@comcast.net
Posts: 550 | From: Pollock Pines, CA, USA | Registered: Nov 1998
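A defensive check for two indicators named in the advisory text pasted above (the SYSTEM.INI startup entry and messages that declare audio/x-wav for an executable attachment), as an added example that is not part of the original thread or the vendor's advisory. The function names, the extension list and the sample inputs are assumptions constructed for illustration.

```python
import email
import re

# Indicator from the advisory text: Shell=explorer.exe load.exe -dontrunold
SHELL_RE = re.compile(r"^\s*shell\s*=.*\bload\.exe\s+-dontrunold\b", re.I | re.M)
# Assumption: extensions treated as executable; the advisory only says "executable attachment".
EXEC_EXT = (".exe", ".com", ".scr", ".pif", ".bat")

def system_ini_infected(ini_text):
    """True if SYSTEM.INI carries the Shell= line that loads the worm at startup."""
    return bool(SHELL_RE.search(ini_text))

def suspicious_parts(raw_message):
    """Names of MIME parts declared audio/x-wav whose filename is an executable."""
    msg = email.message_from_string(raw_message)
    hits = []
    for part in msg.walk():
        name = part.get_filename() or ""  # falls back to the Content-Type name= parameter
        if part.get_content_type() == "audio/x-wav" and name.lower().endswith(EXEC_EXT):
            hits.append(name)
    return hits

# Constructed sample inputs (not captured from a real infection).
CLEAN_INI = "[boot]\nshell=Explorer.exe\n"
INFECTED_INI = "[boot]\nShell=explorer.exe load.exe -dontrunold\n"
SAMPLE_EML = (
    "From: someone@example.invalid\n"
    "Subject: constructed sample\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/related; boundary="B"\n'
    "\n"
    "--B\n"
    "Content-Type: text/html\n"
    "\n"
    "<html></html>\n"
    "--B\n"
    'Content-Type: audio/x-wav; name="sample.exe"\n'
    "Content-Transfer-Encoding: base64\n"
    "\n"
    "AAAA\n"
    "--B--\n"
)

if __name__ == "__main__":
    print("SYSTEM.INI flagged:", system_ini_infected(INFECTED_INI))
    print("Mismatched parts:", suspicious_parts(SAMPLE_EML))
```

The same `suspicious_parts` check can be run over the text of any README.EML or .NWS file found on a drive or share.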
posted
I can personally vouch for this worm. I got it today on my computer at work. I don't have a clue how I got it. It's pretty sneaky. It's the W32.Nimda.A@mm worm. I'm still waiting for Norton to post the fix. Watch out!
BTW: the latest update will NOT catch the virus!
mark
[ September 18, 2001: Message edited by: Mark Barnhill ]
posted
I downloaded Grisoft and updated to the latest, but looking at the list of viruses they have me protected from I see no listing for this new one...furthermore, when I try to go to their site to get more info, it's down more than it's up.....
Maybe THEY have a virus!!!!
[ September 19, 2001: Message edited by: AdrienneMorgan ]