September 18, 2001 - MUSKEGON, MI - DejaNET Communications was informed today of a new worm, which was also discovered today. It is a mass-mailing worm that also spreads via open shares and a Microsoft Web Folder Traversal vulnerability. The email attachment name seems to be limited to Readme.exe, and the attachment uses the icon for an Internet Explorer HTML document. The virus contains the string: Concept Virus (CV) V.5, Copyright (C) 2001 R.P.China

More info is available from Symantec's web site:
http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html

Norton AntiVirus will have updated virus definitions available soon. At this time, there is no means of removal. In the meantime, DO NOT DOWNLOAD OR OPEN ANY ATTACHMENTS.

UPDATE - September 19, 2001 - MUSKEGON, MI - Norton AntiVirus with definitions dated 09/18/2001 can now detect and remove W32.Nimda.A@mm from infected systems. Update your antivirus definitions immediately. All Windows 95/98/ME/NT and 2000 users are potentially at risk, even those whose machines are not running IIS. If your subscription has run out, please contact Virtual Concepts ASAP for renewal instructions. IE 5.0 and 5.5 users are also at risk simply by viewing web pages served from infected IIS servers. If your computer has a version of Microsoft's Internet Explorer earlier than version 6.0 (or is without IE 5 with Service Pack 2 or later installed), you will need to patch your browser by visiting windowsupdate.com using your Internet Explorer browser. Outlook Express and Outlook users need to apply patches as well, and users running IIS also need to apply some extra patches. Keep in mind that the windowsupdate web site is very overloaded at this time. We plan on making the patches available from this web page soon. Windows IIS users may use the banner link at the top of this web page to check their systems online.

There are many sites on the Internet being affected by various delays at this time due to the Code Red Worm, New York incident, and now this Nimda Worm. Please be patient and try again at a later time if you are having bandwidth problems.

Also, just to clarify for anyone who has any doubts: the DejaNET servers are hosted using Solaris from Sun Microsystems and not Microsoft's IIS, all of our web pages are created using Netscape Composer, and all emails are processed using Netscape Messenger, so there is no possible link between our network, web pages, or email and the passing of Nimda. Nimda is passed by servers running IIS and by Outlook or Outlook Express users. We have received reports from people in the past who were simply very ignorant and feared visiting our web site or any others discussing viruses/worms. These pages are simply for YOUR education on how to protect yourself now and in the future and to make our JOB easier by not having to clean up after your mess.

Once again, DejaNET and Virtual Concepts On-Site Security services are available for anyone who cannot complete these tasks on their own at the rate of $65.00 per hour plus .23 cents per mile. Feel free to contact us if you need help securing your systems and/or network; otherwise, attempt to follow the steps and info links that we have provided here on this web page.

Symantec also released new info about the worm on September 19, 2001 at this web page, which is well worth reading:
New Analysis of Computer Worm Indicates Additional Destructive Payload - 09/19/2001 Symantec News Release

UPDATE - September 20, 2001 - MUSKEGON, MI - Through the strength of our OEM relationship with Microsoft (oh what joy!), we have also made these direct links available for users of Microsoft's Internet Explorer to obtain IE 5.0 or 5.5 updates, which can be downloaded here if you are unable to utilize windowsupdate.com:
Microsoft Internet Explorer Critical Updates

Internet Explorer 6 can also be downloaded at this link (although a week or so ago most Internet-related companies recommended against doing so due to various bugs in the program, it might now be a good time to do so simply to rid yourself of any attempted virus/worm infection from the Nimda Worm):
http://www.microsoft.com/windows/ie/default.asp

MORE INFO AND LINKS:
Virulent Nimda computer worm hits U.S., Asia - InfoWorld/Reuters
NIMDA: The Worst Worm Yet - ZDNet News
Home PCs At Most Risk From Nimda - ZDNet News
NIMDA'S Speedy Attack - Nimda Worm Strikes - TechTV Special Report
How To Avoid The Nimda Worm - TechTV
Microsoft Deflects Charges of Worm Woes - C-Net
New Worm Slows Some Internet Operations - C-Net
Microsoft IIS Patches - (Must Be Viewed Using IE - Microsoft Should Be Slapped With A Wet Razor Noodle For Such Stupidity)