Folks, A final follow up on this issue. It appears the zip file extracted by the FIX_NIMDA.exe trojan, FIX_NIMDA.zip, that when extracted creates the folder FIX_NIMDA with four files (FIX_NIMDA.exe, readme.txt, SLIDE.DAT, and slide.exe) is an older version of TrendMicro's tool and thus not malicious. Interestingly, the extracted tool is version 1.22 but the readme.txt file was from version 1.23. A few folks wrote to let us know they have found this zip file, as opposed to the FIX_NIMDA.com executable distributed now by TrendMicro, in a number of different web sites. These all appear to be earlier version of TrendMicro's tool and not infected. All this being said do keep in mind that while the zip file that gets extracted is not malicious the trojan does installed the BioNet trojan, installed the KeyEye keystroke logger, and open up all your drives via shares while its extracting the zip file. -- Elias Levy SecurityFocus http://www.securityfocus.com/ Si vis pacem, para bellum ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Oct 04 2001 - 12:53:02 PDT