ALERT NIMDA Worm...Patch your IIS Web Server, Disable JavaScript!!
#76971 09/18/2001 2:30 PM
Joined: Feb 2001
Posts: 817
Moderator / Kingpin
The new NIMDA worm, a variant of the Code Red virus, sends itself out by email, searches for open network shares, exploits a bug in Microsoft Internet Explorer, and attempts to copy itself to unpatched Microsoft IIS web servers using the Unicode Web Traversal exploit.

A patch and information regarding the Unicode Web Traversal exploit can be found at http://www.microsoft.com/technet/security/bulletin/ms00-078.asp .

Web servers compromised by this worm apparently attach a "readme.eml" to all web pages served and, due to an existing bug in Internet Explorer 5, it will automatically execute this file. Users running Microsoft Internet Explorer version 5.01 or greater are advised to install a free patch available from Microsoft to prevent this method of infection.


You can find more information on NIMDA at:



Those running IIS might want to consider purchasing a product like McAfee's SecureIIS Application Firewall to protect themselves against this and future attacks:
http://corporate.mcafee.com/content/software_products/secureiis.asp?cid=2443

[ 09-18-2001: Message edited by: Steve_M ]
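
For administrators checking a server against the two behaviours described in the post above, here is an added example (not part of the original post and not code from Microsoft or McAfee). It flags request paths that hide `/` or `\` in overlong UTF-8 encodings, the trick behind the Unicode Web Traversal bug, and lists served pages that mention `readme.eml`. The sample targets and pages are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote_to_bytes

TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")

def canonicalize(target):
    """Percent-decode the path and fold overlong UTF-8 encodings of ASCII
    characters back to ASCII. Returns (canonical_path, overlong_count)."""
    raw = unquote_to_bytes(target.split("?", 1)[0])
    out, i, overlong = bytearray(), 0, 0
    while i < len(raw):
        b, rest = raw[i], raw[i + 1:i + 3]
        if b in (0xC0, 0xC1) and rest[:1] and rest[0] & 0xC0 == 0x80:
            # 2-byte overlong form, e.g. C0 AF decodes to 0x2F "/"
            out.append(((b & 0x1F) << 6) | (rest[0] & 0x3F))
            i, overlong = i + 2, overlong + 1
        elif (b == 0xE0 and len(rest) == 2 and rest[0] in (0x80, 0x81)
              and rest[1] & 0xC0 == 0x80):
            # 3-byte overlong form, e.g. E0 80 AF decodes to 0x2F "/"
            out.append(((rest[0] & 0x3F) << 6) | (rest[1] & 0x3F))
            i, overlong = i + 3, overlong + 1
        else:
            out.append(b)
            i += 1
    return out.decode("latin-1"), overlong

def classify(target):
    """Label a request target by what its canonical path reveals."""
    path, overlong = canonicalize(target)
    traversal = bool(TRAVERSAL.search(path))
    if overlong:
        return "overlong-traversal" if traversal else "overlong-encoding"
    return "plain-traversal" if traversal else "clean"

def pages_with_eml_reference(pages):
    """Names of served pages whose body mentions readme.eml (any case)."""
    return sorted(n for n, body in pages.items() if "readme.eml" in body.lower())

# Constructed sample data, not taken from a real server or log.
SAMPLE_TARGETS = ["/index.html", "/scripts/..%c0%af../dir/file.txt",
                  "/docs/%c1%9cfile", "/a/../b", "/caf%c3%a9/menu.html"]
SAMPLE_PAGES = {"index.html": "<html><body>Welcome</body></html>",
                "news.html": '<html><body>News</body></html>'
                             '<script>window.open("README.EML")</script>'}

if __name__ == "__main__":
    for t in SAMPLE_TARGETS:
        print(f"{classify(t):20} {t}")
    print("pages referencing readme.eml:", pages_with_eml_reference(SAMPLE_PAGES))
```

Legitimate multi-byte UTF-8 such as `%c3%a9` is left alone, because only lead bytes that can never appear in valid UTF-8 for these characters are folded.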

Re: ALERT NIMDA Worm...Patch your IIS Web Server, Disable JavaScript!!
#76972 09/18/2001 2:57 PM
Joined: Mar 2000
Posts: 21,079
Likes: 3
I type Like navaho
could explain some of the slow-down.. I haven't found a patch yet, the ms site link was a 404


- Allen wavey
- What Drives You?
Re: ALERT NIMDA Worm...Patch your IIS Web Server, Disable JavaScript!!
#76973 09/18/2001 3:15 PM
Joined: Feb 2001
Posts: 817
Moderator / Kingpin
Sorry, the period at the end of the URL was added to the link. I removed it and the link now functions.

Re: ALERT NIMDA Worm...Patch your IIS Web Server, Disable JavaScript!!
#76974 09/18/2001 3:27 PM
Joined: Mar 2000
Posts: 21,079
Likes: 3
I type Like navaho
Oh, ok, thanks for the heads up.. we've been patched for quite a while now :)


- Allen wavey
- What Drives You?
Re: ALERT NIMDA Worm...Patch your IIS Web Server, Disable JavaScript!!
#76975 09/18/2001 3:36 PM
Joined: Feb 2001
Posts: 817
Moderator / Kingpin
Sorry, I wasn't trying to imply that UBBDev is infected...I wanted to get the word out to other IIS web server users in case they have not previously patched their server. :)

Re: ALERT NIMDA Worm...Patch your IIS Web Server, Disable JavaScript!!
#76976 09/18/2001 3:40 PM
Joined: Mar 2000
Posts: 21,079
Likes: 3
I type Like navaho
No problem... you are quite right to post it, especially since it appears to be a new worm trying to use old exploit(s)... :)


- Allen wavey
- What Drives You?
Re: ALERT NIMDA Worm...Patch your IIS Web Server, Disable JavaScript!!
#76977 09/19/2001 1:02 AM
Joined: May 2001
Posts: 6,708
Member
Is it a must to download this patch for my web browser? Will this worm do anything to my comp or just web servers I access?

Re: ALERT NIMDA Worm...Patch your IIS Web Server, Disable JavaScript!!
#76978 09/19/2001 5:30 AM
Joined: Jul 2000
Posts: 1,349
Ell Offline
Member
ARGH! Just installed it... don't you LOVE the non-optional "YOU WILL RESTART YOUR COMPUTER NOW!! HIT OK!!" M$ put into all their hotfixes? At least this one doesn't have a countdown. *eyes narrow*

Re: ALERT NIMDA Worm...Patch your IIS Web Server, Disable JavaScript!!
#76979 09/19/2001 7:05 AM
Joined: Mar 2000
Posts: 21,079
Likes: 3
I type Like navaho
Apparently aimed at Win NT/2K, it will also mess up Win98/ME PCs. It uses 16 known exploits to really screw your computer over if you haven't patched it recently. One of the few attachments in email as well that you don't have to open for it to infect your PC, according to the guy on the radio a few minutes ago :)


- Allen wavey
- What Drives You?
Re: ALERT NIMDA Worm...Patch your IIS Web Server, Disable JavaScript!!
#76980 09/19/2001 9:05 AM
Joined: Feb 2001
Posts: 817
Moderator / Kingpin
Yes, if you are running Windows 95/98 you really need to install this patch, if you haven't already done so:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp

Re: ALERT NIMDA Worm...Patch your IIS Web Server, Disable JavaScript!!
#76981 09/19/2001 10:24 AM
Joined: Feb 1999
Posts: 1,379
cal Offline
Programmer
hehehe. you silly outlook users. hehehe

Just a thought :)

Re: ALERT NIMDA Worm...Patch your IIS Web Server, Disable JavaScript!!
#76982 09/20/2001 2:19 AM
Joined: May 2001
Posts: 6,708
Member
I downloaded it and I got a message saying "This update does not need to be installed". What's going on?

[ 09-20-2001: Message edited by: Lord Dexter ]

Re: ALERT NIMDA Worm...Patch your IIS Web Server, Disable JavaScript!!
#76983 09/20/2001 11:23 AM
Joined: Feb 2001
Posts: 817
Moderator / Kingpin
Lord Dexter,

You probably previously applied the patch...most likely if you used windowsupdate.microsoft.com in the recent past.

