Vulnerability Development mailing list archives

RE: New "concept" virus/worm?


From: "John Thornton" <jthornton () hackersdigest com>
Date: Tue, 18 Sep 2001 13:04:45 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is what is known now as the "w32.nimda.amm" worm. This worm is
using a good number of attacks to exploit not only IIS but Outlook as
well. The worm will send an HTML e-mail with an attachment called
"readme.exe" as a MIME-type of "audio/x-wav". Infected IIS servers
will ask web visitors to download a file called "readme.eml" that
will download "readme.exe" to the visitor's box. The worm also tries
to run TFTP.EXE to grab a copy of a DLL called "Admin.dll" and place
it in the /scripts directory.

Russ (Russ.Cooper () RC ON CA) - Surgeon General of TruSecure
Corporation/NTBugtraq Editor, has been doing most of the research on
this worm and I encourage anyone who has been infected with this worm
to contact him.

H     A     C     K     E     R     '     S          D     I     G     E     S     T
- ------------------------------------------------------------------------------
#1 for propeller heads
- ------------------------------------------------------------------------------
www.hackersdigest.com

John Thornton  -  jthornton () hackersdigest com
Editor in Chief
Hackers Digest -  www.hackersdigest.com

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBO6d+rBvYMaRdXcazEQJjlwCggg1CzM5LBrgcTohUASRrQOLfnsMAnRT8
6yoQsMlgNkY+5ULjsyZhJRDU
=q/Mt
-----END PGP SIGNATURE-----
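A defensive check for the mail vector described in the message above, as an added example that is not part of the original post: it walks a MIME message and reports attachments whose filename has an executable extension while the declared Content-Type is something else, as with "readme.exe" sent as "audio/x-wav". The extension list, the "not application/*" rule, the function name and the sample message are assumptions made for this illustration.

```python
import email
import os
from email import policy

# Assumed list of extensions treated as executable for this check.
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".com", ".pif", ".bat"}

# Constructed sample message (not a captured specimen); payloads are the text "placeholder".
SAMPLE = """\
From: sender@example.com
To: recipient@example.com
Subject: sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="us-ascii"

<html><body>hello</body></html>
--b1
Content-Type: audio/x-wav; name="readme.exe"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="readme.exe"

cGxhY2Vob2xkZXI=
--b1
Content-Type: audio/x-wav; name="chime.wav"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="chime.wav"

cGxhY2Vob2xkZXI=
--b1--
"""

def mismatched_attachments(raw):
    """Return (filename, declared_type) for executable-named parts declared as non-application types."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        # get_filename() checks Content-Disposition first, then the Content-Type name= parameter.
        name = part.get_filename()
        if not name or part.is_multipart():
            continue
        # Trailing spaces or dots are ignored by Windows, so strip them before taking the extension.
        ext = os.path.splitext(name.lower().rstrip(" ."))[1]
        ctype = part.get_content_type()
        if ext in EXECUTABLE_EXTS and not ctype.startswith("application/"):
            findings.append((name, ctype))
    return findings
```
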


