Nimda on Mac?

From: johan.augustssonat_private
Date: Fri Sep 21 2001 - 03:22:22 PDT


    I received a mail from a Mac user that claimed that Nimda has infected
    Macs and started to distribute the worm via mail. The user referred to a
    post at http://www.xlr8yourmac.com where Mike Breeden claims that his
    Mac was infected. How is this possible? I can understand that the IE for
    Mac has the same MIME bug as the one for Windows, but how could Nimda
    start an SMTP engine for Windows on a Mac to distribute mail?
    
    On all the lists and sites that I have read about Nimda not a single one
    mentions Mac as a potential target.
    What is true?
    
    
    
    *** FROM THE WEBPAGE ***
    
    Mac Outlook Express Vulnerable to Nimda Worm: -
    Some of you may already know this, but after just previewing an email
    today that had an attachment sent by the Nimda worm noted in Tuesday's
    news, I have gotten bounced email notices (for mails I never sent) and a
    note that some email "from" me had the readme.exe (worm's) attachment.
    This mail was not actually sent by me (nor are copies in my sent items
    folder)- but searching with Sherlock found copies of "readme.exe" in the
    Outlook Express temp folder. (No .eml files were found however, I also
    searched for invisible files.)
    
    I've disabled the preview pane and added a Rule to automatically delete
    any email that has a readme attachment, and suggest you do so also, at
    least until Microsoft has a fix for Macs. (There's no updates to NAV for
    this nor does NAV find anything from a scan.)
    Beware of any emails with attachments, especially if the subject line
    has scrambled text (may not be typical, but was for the email I have
    seen). I get tons of email every day, often with attachments but I'm
    going to be much more cautious now. This happened on my main work
    machine, a PowerBook G3 running OS 9.04 with IE 5 and Outlook Express
    5.02. (In case anyone gets an email from "mikeat_private" - delete
    it. I never send email from that address.)
    
    *** END ***
    
    /Johan Augustsson
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    


