My Tech Place News

Virus Info
 MTP News :: 10-1-01 : Reference :: McAfee.com

W32/Nimda@MM

Description
This is a HIGH RISK virus that can infect all unprotected home users and business users of Win9x/NT/2000/ME.

W32/Nimda@MM spreads via email, via shared drives, folders or files, and via infected HTM/L (Web) pages. In addition, it will look for IIS servers to infect via the Microsoft Web Folder Transversal vulnerability vulnerability (also used by W32/CodeBlue).

It is possible to activate the virus by viewing an infected email message within the Microsoft Outlook Preview Pane.

The email attachment name varies and may use the icon for an Internet Explorer HTML document.

Payload
Its main goal is simply to spread over the Internet and Intranet, infecting as many users as possible and creating so much traffic that networks are virtually unusable. It may also take up a large amount of space on your hard drive.

It will attempt to spread itself as follows:

  • The email messages created by the worm contain an attachment that can be executed even if the user does not open it and without the user's knowledge.
  • It infects HTML documents. When the infected documents are accessed (locally or remotely), the machine viewing the page is infected.
  • When the virus finds an open share, it copies itself to each folder on the drive in .EML format. This can include the START UP folder.
  • The worm scans IP addresses looking for IIS servers to infect via the Web Folder Transversal vulnerability.
  • It tries to use the backdoor created by W32/CodeRed.c to infect.
  • It adds worm code to .EXE files.
  • Email addresses are gathered by extracting the email addresses from MAPI messages in Microsoft Outlook and Microsoft Outlook Express, as well as from HTM and HMTL documents.

    Once infected, your system is used to seek out others to infect over the web. As this creates a lot of port scanning, this can cause a network traffic jam.

If you would like to learn more about this virus please see either of the following sites: Symantec, McAfee

 

 
» In This Issue
  • Welcome Message
  • Disaster Recovery Planning : Without Destroying Your Budget
  • A Helpful Guide to Web Search Engines
  • Why Do I Need A Web Site?
  • Virus Info
  • Facts & Figures
  • Satisfied Customers
  • Useful Sites

» Get MTPNews
Text HTML
Name:
Email:
Remove Me From MTP News

» Virus Info

» Facts & Figures
  • Number of pages on the Web: 800 million.
  • Cisco Systems Inc. is today the world's largest Internet commerce site, selling more than $32 million in products every day.

(source: Internet Indicators)


»Satisfied
Customers

"Dennis Ryckeman & his staff at MTP put SDSEO on the world wide web quickly and efficiently. They provided SDSEO with a site that is extremely easy to navigate ans which meets our member's needs. We have been very pleased with the service."

Ken Melius
Executive Director
South Dakota State Employees Organization

Click here to see more satisfied customers

» Useful Sites
  • Find Anything! Learn how to knot a bow tie, host a baby shower, drive a stick shift and much more.Dozens of categories with links to free lessons.
  • Travel Abroad Safely. Before you head over-seas check in with the State Department to find out about travel info abroad.
 

Privacy Policy
-- MTPNews is an monthly publication --
 © 2001 My Tech Place, Inc. All Rights Reserved

Received This Newsletter from a Friend?
The monthly "MTP News" newsletter is full of in-depth information on best business practices and technical and sales readiness tools. We encourage subscribers to forward to friends and co-workers. If you've received this from someone via e-mail, and would like to have our newsletter delivered to you monthly, you can sign up easily. Subscription is FREE; all you have to do is register.

Want to Unsubscribe?
To unsubscribe from this mailing list? Click here.