It infects 98 (I've got it on the one 98 workstation we run) and may have been involved in infecting two of NT4 servers. I also have two UNinfected NT4 servers that are patched to about the same level as the infected ones - not quite completely patched, but I think I've selected all the appropriate ones for the role each server plays. My W2K server is patched up to the minute and didn't get infected. So far... -- Dave Salovesh RAM Associates, Inc. (800) 543-3635 > -----Original Message----- > From: Brett Glass [mailto:brettat_private] > Sent: Tuesday, September 18, 2001 12:58 PM > To: Jay D. Dyson; Incidents List > Cc: Vuln Dev > Subject: Re: New "concept" virus/worm? > > > At 10:21 AM 9/18/2001, Jay D. Dyson wrote: > > > It's a two-prong worm. It appears to be primarily > disseminated > >via e-mail, and then launches its attacks on web hosts upon > successful > >infection. > > Newsbytes is calling this worm "Code Rainbow," while some of > the antivirus > firms seem to be calling it "W32.Nimda.A@mm". > > Can the e-mail infect anything other than Windows NT/2000? > Will it infect > a system that's running Windows NT/2000 but not IIS? If a > Windows 95/98/ME > user opens it, will his or her system begin to spread the > worm as well? > > --Brett Glass > > > -------------------------------------------------------------- > -------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com >
This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 11:23:53 PDT