I recived a mail from a Mac user that claimed that Nimda has infected Macs and started to distribute the worm via mail. The user refered to a post at http://www.xlr8yourmac.com where Mike Breeden claims that his Mac was infected. How is this possible? I can understand that the IE for Mac has the same MIME bug as the one for Windows, but how could Nimda start an SMTP engine for Windows on a Mac to distribute mail? On all the lists and sites that I have read about Nimda not a single one mentions Mac as a potentiell target. What is true? *** FROM THE WEBPAGE *** Mac Outlook Express Vulnerable to Nimda Worm: - Some of you may already know this, but after just previewing an email today that an attachment sent by the Nimda worm noted in Tuesday's news , I have gotten bounced email notices (for mails I never sent) and a note that some email "from" me had the readme.exe (worm's) attachment. This mail was not actually sent by me (nor are copies in my sent items folder)- but searching with Sherlock found copies of "readme.exe" in the Outlook Express temp folder. (No .eml files were found however, I also searched for invisible files.) I've disabled the preview pane and added a Rule to automatically delete any email that has a readme attachment, and suggest you do so also, at least until Microsoft has a fix for Macs. (There's no updates to NAV for this nor does NAV find anything from a scan.) Beware of any emails with attachments, especially if the subject line has scrambled text (may not be typical, but was for the email I have seen). I get tons of email every day, often with attachments but I'm going to be much more cautious now. This happened on my main work machine, a PowerBook G3 running OS 9.04 with IE 5 and Outlook Express 5.02. (In case anyone gets an email from "mikeat_private" - delete it. I never send email from that address.) *** END *** /Johan Augustsson ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Sep 21 2001 - 08:54:23 PDT