Security Incidents mailing list archives
Re: New "concept" virus/worm?
From: "Michael H. Warfield" <mhw () wittsend com>
Date: Tue, 18 Sep 2001 17:16:46 -0400
On Tue, Sep 18, 2001 at 10:57:36AM -0600, Brett Glass wrote:
At 10:21 AM 9/18/2001, Jay D. Dyson wrote:
It's a two-prong worm. It appears to be primarily disseminated via e-mail, and then launches its attacks on web hosts upon successful infection.
Newsbytes is calling this worm "Code Rainbow," while some of the antivirus firms seem to be calling it "W32.Nimda.A@mm".
Can the e-mail infect anything other than Windows NT/2000? Will it infect a system that's running Windows NT/2000 but not IIS? If a Windows 95/98/ME user opens it, will his or her system begin to spread the worm as well?
It's also propagating over network shares and probing for netbios connections which it can log into as "guest". Seems to also add a guest account to the infected system and tries to add it to the admin group. ;-/
--Brett Glass
Mike -- Michael H. Warfield | (770) 985-6132 | mhw () WittsEnd com (The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: New "concept" virus/worm?, (continued)
- Re: New "concept" virus/worm? Brett Glass (Sep 18)
- Re: New "concept" virus/worm? Berislav Kucan (Sep 18)
- Re: New "concept" virus/worm? Jim Olsen (Sep 18)
- Re: New "concept" virus/worm? Bernie Cosell (Sep 18)
- MIME type of readme.eml (was Re: New "concept" virus/worm? Rob Quinn (Sep 19)
- Re: MIME type of readme.eml (was Re: New "concept" virus/worm? Henrik Pedersen (Sep 19)
- Re: New "concept" virus/worm? Brett Glass (Sep 18)
- Re: New "concept" virus/worm? Ryan Russell (Sep 18)
- Re: New "concept" virus/worm? Nick FitzGerald (Sep 18)
- Re: New "concept" virus/worm? Jim (Sep 18)
- Side Affect of the new worm: HD fills up Stanley G. Bubrouski (Sep 19)
- Re: New "concept" virus/worm? Michael H. Warfield (Sep 18)
- RE: New "concept" virus/worm? Joseph P Frazee (Sep 18)
- RE: New "concept" virus/worm? Tina Bird (Sep 18)