Re: Nimda on Mac?

From: Kee Hinckley (nazgulat_private)
Date: Fri Sep 21 2001 - 09:24:47 PDT


    At 12:22 PM +0200 9/21/01, johan.augustssonat_private wrote:
    >I received a mail from a Mac user that claimed that Nimda has infected
    >Macs and started to distribute the worm via mail. The user referred to a
    >post at http://www.xlr8yourmac.com where Mike Breeden claims that his
    >Mac was infected. How is this possible? I can understand that the IE for
    >Mac has the same MIME bug as the one for Windows, but how could Nimda
    >start an SMTP engine for Windows on a Mac to distribute mail?
    
    There was a similar post on MacFixit to which I sent a correction 
    this morning. What's happening is that people are receiving copies of 
    bounced email that contains the Virus, so they think that they are 
    infected.  In fact Nimda was using their email address as a forged 
    return address because it was in the address book of someone who was 
    infected.  I recommend that anyone who receives Nimda via email use a 
    tool such as http://www.spamwatcher.com/ or http://www.spamcop.net/ 
    to track down the actual sender's IP address (or just read the 
    Received headers).  You can't rely on the UA-generated email headers.
    
    Nimda *can* corrupt Macintosh files if the Macintosh exports a share 
    (via a product such as Dave, which provides PC file sharing services 
    for the Mac).  But those files won't execute on a Mac.
    
    - -- 
    
    Kee Hinckley - Somewhere.Com, LLC
    http://consulting.somewhere.com/
    nazgulat_private (or ...!alice!nazgul for time travelers :-)
    
    I'm not sure which upsets me more: that people are so unwilling to accept
    responsibility for their own actions, or that they are so eager to regulate
    everyone else's.
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
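
The advice above to read the Received headers rather than the UA-generated ones, as an added example that is not part of the original post: it walks the Received chain newest-first and reports the IP that connected to the first MTA you control. The message, hostnames, documentation-range IPs and the trusted MTA names are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample message (not from the original post). The From header and
# the bottom Received line are data an infected sender could forge.
RAW = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.net with ESMTP; Fri, 21 Sep 2001 09:00:03 -0700
Received: from infected-pc (unknown [203.0.113.77])
\tby mx.example.net with SMTP; Fri, 21 Sep 2001 09:00:01 -0700
Received: from mac.example.org ([198.51.100.5])
\tby relay.example.org with SMTP; Fri, 21 Sep 2001 08:59:00 -0700
From: macuser@example.org
To: victim@example.net
Subject: sample

body
"""

# "from <helo> ... [<ip>] ... by <mta>" across folded header lines.
HOP = re.compile(r"from\s+(\S+).*?\[(\d{1,3}(?:\.\d{1,3}){3})\].*?by\s+(\S+)", re.S)

def parse_hops(raw):
    """Return (message, hops) with hops ordered newest first, as in the message."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m:
            hops.append({"helo": m.group(1), "ip": m.group(2), "by": m.group(3)})
    return msg, hops

def handoff_ip(raw, trusted_mtas):
    """Return (claimed From, IP that connected to the outermost trusted MTA).

    Only Received lines written by MTAs in trusted_mtas (an assumed set of
    your own servers) are believed; anything below them may be forged.
    """
    msg, hops = parse_hops(raw)
    origin = None
    for hop in hops:                      # newest hop first
        if hop["by"] not in trusted_mtas:
            break                         # written by a host we do not control
        origin = hop["ip"]                # peer IP recorded by a trusted MTA
    return msg["From"], origin

if __name__ == "__main__":
    print(handoff_ip(RAW, {"mail.example.net", "mx.example.net"}))
```
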
    



    This archive was generated by hypermail 2b30 : Fri Sep 21 2001 - 09:50:05 PDT