Folks,

This is what I've been able to glean preliminarily on Nimda in: Attacks based on a Code Red II variant. The worm utilizes multiple methods of penetration, including use of corporate email (social engineering) through dissemination of a readme.exe file attachment to the email, that when executed (clicked on) injects and propagates internally and conducts a comprehensive scan to identify multiple IIS vulnerabilities.

McAfee advises that the full info on this will be available presently at www.mcaffee.com; and as Paul Speck just posted, there's a dat fix for this at McAfee...

I attach an additional item re Nimda from F-Secure:

F-Secure Radar Level 2 Alert

A new worm called Nimda is spreading globally today. Here is the text from the Radar alert:

"On September 18th, 2001 a new worm Nimda was found in the wild. It spreads in email messages as an attachment called Readme.exe and also in a similar way as CodeRed worm."

For more information: http://www.f-secure.com/v-descs/nimda.shtml

This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:24:59 PDT