-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is what is known now as the "w32.nimda.amm" worm. This worm is using a good number of attacks to exploit not only IIS but Outlook as well.

The worm will send an HTML e-mail with an attachment called "readme.exe" with a MIME type of "audio/x-wav". Infected IIS servers will ask web visitors to download a file called "readme.eml" that will download "readme.exe" to the visitor's box. The worm also tries to run TFTP.EXE to grab a copy of a DLL called "Admin.dll" and place it in the /scripts directory.

Russ (Russ.Cooperat_private) - Surgeon General of TruSecure Corporation/NTBugtraq Editor, has been doing most of the research on this worm and I encourage anyone who has been infected with this worm to contact him.

H A C K E R ' S  D I G E S T
- ------------------------------------------------------------------------------
#1 for propeller heads
- ------------------------------------------------------------------------------
www.hackersdigest.com

John Thornton - jthorntonat_private
Editor in Chief
Hackers Digest - www.hackersdigest.com

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBO6d+rBvYMaRdXcazEQJjlwCggg1CzM5LBrgcTohUASRrQOLfnsMAnRT8
6yoQsMlgNkY+5ULjsyZhJRDU
=q/Mt
-----END PGP SIGNATURE-----
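An added example, not part of the original post: a mail-gateway style check for the mismatch described above, where an attachment named "readme.exe" is declared as "audio/x-wav". The function name, the extension and content-type lists, and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy

# Extensions Windows executes directly (illustrative list, an assumption).
EXECUTABLE_EXTS = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".dll")
# Declared types a mail client may render or "play" without prompting.
PASSIVE_PREFIXES = ("audio/", "video/", "image/", "text/")


def suspicious_parts(raw_message: bytes):
    """Return (filename, declared_type) for each MIME part whose declared
    content type is passive media but whose filename is executable."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_filename() reads Content-Disposition "filename" and falls back
        # to the Content-Type "name" parameter, so both spellings are covered.
        name = (part.get_filename() or "").strip()
        ctype = part.get_content_type()
        if name.lower().endswith(EXECUTABLE_EXTS) and ctype.startswith(PASSIVE_PREFIXES):
            hits.append((name, ctype))
    return hits


# Constructed sample: HTML body plus an attachment declared as audio/x-wav.
SAMPLE = (
    b"From: sender@example.com\r\n"
    b"To: rcpt@example.com\r\n"
    b"Subject: constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/related; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html><body>hello</body></html>\r\n"
    b"--b1\r\n"
    b'Content-Type: audio/x-wav; name="readme.exe"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"AAAA\r\n"
    b"--b1--\r\n"
)

if __name__ == "__main__":
    for name, ctype in suspicious_parts(SAMPLE):
        print(f"quarantine: {name!r} declared as {ctype}")
```

The check flags only the type/extension mismatch; an executable honestly declared as application/octet-stream needs a separate attachment policy.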
This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 12:18:40 PDT