[Fwd: MEDIA RELEASE: F-Secure warns about new complex and widespread worm]
From: Zot O'Connor (zot@private)
Date: Tue Sep 18 2001 - 11:44:23 PDT
--
Zot O'Connor
http://www.ZotConsulting.com
http://www.WhiteKnightHackers.com
attached mail follows:
This press release comes from F-Secure. For more
information on F-Secure's mailing list policy,
see end of message.
New complex and widespread worm located
Helsinki-Finland, September 18, F-Secure Corporation (HEX:FSC) is alerting
computer users worldwide about a new, rapidly spreading e-mail worm. Known
as "Nimda", this worm combines functionalities of a mass mailer and a web
worm. The worm spreads through both e-mail attachments and by attacking
vulnerable web servers in the net.
End-users can get infected by either opening an e-mail attachment called
README.EXE or by surfing on an infected web site, which might offer the
user to download README.EXE. After the end-user has executed the file, the
worm will continue to spread in two different ways. First it will send
itself out via e-mails directed to addresses found from users' e-mail inbox.
Secondly it will start to scan random internet addresses trying to locate
vulnerable IIS web servers.
The worm uses several known security holes to spread. One of them enables
the e-mail attachment to execute automatically when the e-mail attachment
is read on some systems.
"Somebody has really put effort into this one", comments Mikko Hypponen,
manager of Anti-Virus Research at F-Secure Corporation. "This worm is
spreading fast mainly because it's combining many of the earlier attacks
into one."
The worm is still under investigation. For example, it seems to open local
network shares and try to propagate its code further via existing LAN
shares. In addition, Nimda does generate massive amounts of internet
traffic.
Nimda is the first worm to modify existing web sites to start offering
infected files for download. Also it is the first worm to use normal end
user machines to scan for vulnerable web sites. This technique enables
Nimda to easily reach intranet web sites located behind firewalls -
something worms such as Code Red couldn't directly do.
The worm contains this string: "Copyright 2001 R.P.China".
Latest security patches from Microsoft for Outlook and IIS web server will
close the vulnerabilities the worm is using.
F-Secure Anti-Virus is capable of detecting, stopping and removing the
Nimda virus. The detection of this virus was added on September 18.
Technical details as well as a screenshot of the worm are posted at:
http://www.f-secure.com/v-descs/nimda.shtml
About F-Secure Corporation
F-Secure Corporation is a leading provider of centrally managed security
for today's mobile, wireless enterprise. The company offers a full range of
award-winning, integrated anti-virus, file encryption, distributed firewall
and VPN solutions for workstations, servers, gateways and mobile devices.
F-Secure products are uniquely suited for delivery of Security as a
Service(tm) which provides invisible, reliable, always-on, and up-to-date
security for the most widely distributed user base. Whether provided by
corporate IT or delivered by service providers, F-Secure solutions extend
policy-based security and instant alerts to all devices where information
is created, stored or accessed. Founded in 1988, F-Secure Corporation is
listed on the Helsinki Stock Exchange [HEX: FSC]. The company is
headquartered in Espoo, Finland with North American headquarters in San
Jose, California, as well as offices worldwide.
For more information, please contact:
Mikko Hyppönen, Manager, Anti-Virus Research
F-Secure Corporation
Tel. +358 9 2520 5513
Fax +358 9 2520 5001
E-mail: Mikko.Hypponen@F-Secure.com
http://www.F-Secure.com
Mailing list policy
You have previously expressed interest in our products, or have asked
to be included on one of our press release lists by personally giving us
your e-mail address for this purpose. Our mailing lists are for the
exclusive use and the expressed purpose of F-Secure and are not
sold or given to third parties.
If you no longer wish to receive our press releases, or your email address
has been added to our lists without your consent, you can unsubscribe at
http://www.F-Secure.com/news/subscribe.html
If you only wish to receive our press releases concerning viruses,
please go to
http://www.F-Secure.com/news/subscribe.html
and first unsubscribe from
press-english-interest@private-Secure.com
and then subscribe to
press-english-virus-announcement@private-Secure.com