Re: New "concept" virus/worm?

From: Michael H. Warfield (mhwat_private)
Date: Tue Sep 18 2001 - 14:16:46 PDT


    On Tue, Sep 18, 2001 at 10:57:36AM -0600, Brett Glass wrote:
    > At 10:21 AM 9/18/2001, Jay D. Dyson wrote:
    
    > >        It's a two-prong worm.  It appears to be primarily disseminated
    > >via e-mail, and then launches its attacks on web hosts upon successful
    > >infection.
    
    > Newsbytes is calling this worm "Code Rainbow," while some of the antivirus
    > firms seem to be calling it "W32.Nimda.A@mm".
    
    > Can the e-mail infect anything other than Windows NT/2000? Will it infect
    > a system that's running Windows NT/2000 but not IIS? If a Windows 95/98/ME 
    > user opens it, will his or her system begin to spread the worm as well?
    
    	It's also propagating over network shares and probing for NetBIOS
    connections which it can log into as "guest".  Seems to also add a guest
    account to the infected system and tries to add it to the admin group.  ;-/
    
    > --Brett Glass
    
    	Mike
    -- 
     Michael H. Warfield    |  (770) 985-6132   |  mhwat_private
      (The Mad Wizard)      |  (678) 463-0932   |  http://www.wittsend.com/mhw/
      NIC whois:  MHW9      |  An optimist believes we live in the best of all
     PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
    
    
    



    This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 16:22:07 PDT