Tweet
Beware of W32.Nimda.A@mm worm!
Affected Software Versions
Microsoft IIS 4.0
Microsoft IIS 5.0
this is what Symantec has to say about it.
W32.Nimda.A@mm is a new mass-mailing worm that utilizes multiple methods to spread itself. The worm sends itself out by email, searches for open network shares, and attempts to copy itself to unpatched Microsoft IIS web servers. The worm does this using the Unicode Web Traversal exploit. A patch and information regarding this exploit can be found at http://www.microsoft.com/technet/sec...n/ms00-078.asp
Users visiting compromised Web servers will be prompted to download an .eml (Outlook Express) email file, which contains the worm as an attachment. Name of attachment: README.EXE (This file will NOT be visible as an attachment in the email received)
Also, the worm will create an open network share on the infected computer, allowing access to the system.
full description at http://www.symantec.com/avcenter/ven...imda.a@mm.html
---------
edited to correct the first url posted
Microsoft IIS 4.0
Microsoft IIS 5.0
this is what Symantec has to say about it.
W32.Nimda.A@mm is a new mass-mailing worm that utilizes multiple methods to spread itself. The worm sends itself out by email, searches for open network shares, and attempts to copy itself to unpatched Microsoft IIS web servers. The worm does this using the Unicode Web Traversal exploit. A patch and information regarding this exploit can be found at http://www.microsoft.com/technet/sec...n/ms00-078.asp
Users visiting compromised Web servers will be prompted to download an .eml (Outlook Express) email file, which contains the worm as an attachment. Name of attachment: README.EXE (This file will NOT be visible as an attachment in the email received)
Also, the worm will create an open network share on the infected computer, allowing access to the system.
full description at http://www.symantec.com/avcenter/ven...imda.a@mm.html
---------
edited to correct the first url posted
Comment