-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 12:22 PM +0200 9/21/01, johan.augustssonat_private wrote: >I recived a mail from a Mac user that claimed that Nimda has infected >Macs and started to distribute the worm via mail. The user refered to a >post at http://www.xlr8yourmac.com where Mike Breeden claims that his >Mac was infected. How is this possible? I can understand that the IE for >Mac has the same MIME bug as the one for Windows, but how could Nimda >start an SMTP engine for Windows on a Mac to distribute mail? There was a similar post on MacFixit to which I sent a correction this morning. What's happening is that people are receiving copies of bounced email that contains the Virus, so they think that they are infected. In fact Nimda was using their email address as a forged return address because it was in the address book of someone who was infected. I recommend that anyone who receives Nimda via email use a tool such as http://www.spamwatcher.com/ or http://www.spamcop.net/ to track down the actual sender's IP address (or just read the Received headers). You can't rely on the UA-generated email headers. Nimda *can* corrupt Macintosh files if the Macintosh exports a share (via a product such as Dave, which provides PC file sharing services for the Mac). But those files won't execute on a Mac. - -- Kee Hinckley - Somewhere.Com, LLC http://consulting.somewhere.com/ nazgulat_private (or ...!alice!nazgul for time travelers :-) I'm not sure which upsets me more: that people are so unwilling to accept responsibility for their own actions, or that they are so eager to regulate everyone else's. -----BEGIN PGP SIGNATURE----- Version: PGP Personal Security 7.0.3 iQA/AwUBO6tp2yZsPfdw+r2CEQJb/ACbBFD014/fAjlnlA3QaxkeoUNPitkAn38Z z1Z6Ywa+0cQ3ip1220GeCXqk =xDu+ -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Sep 21 2001 - 09:50:05 PDT