Previous Thread
Next Thread
Print Thread
Rate Thread
Joined: Feb 2001
Posts: 817
Moderator / Kingpin
Moderator / Kingpin
Joined: Feb 2001
Posts: 817
The new NIMDA worm, a variant of the Code Red virus, sends itself out by email, searches for open network shares, exploits a bug in Microsoft Internet Explorer, and attempts to copy itself to unpatched Microsoft IIS web servers using the Unicode Web Traversal exploit.

A patch and information regarding the Unicode Web Traversal exploit can be found at http://www.microsoft.com/technet/security/bulletin/ms00-078.asp .

Web servers compromised by this worm apparently attach a "readme.eml" to all web pages served and due to an existing bug in Internet Explorer 5, it will automatically execute this file. Users running Microsoft Internet Explorer version 5.01 or greater, are advised to install a free patch available from Microsoft to prevent this method of infection.


You can find more information on NIMDA at:



Those running IIS might want to consider purchasing a product like McAfee's SecureIIS Application Firewall to protect themselves against this and future attacks:
http://corporate.mcafee.com/content/software_products/secureiis.asp?cid=2443

[ 09-18-2001: Message edited by: Steve_M ]

Sponsored Links
Joined: Mar 2000
Posts: 21,079
Likes: 3
I type Like navaho
I type Like navaho
Joined: Mar 2000
Posts: 21,079
Likes: 3
could explain some of the slow-down.. I haven't found a patch yet, the ms site link was a 404


- Allen wavey
- What Drives You?
Joined: Feb 2001
Posts: 817
Moderator / Kingpin
Moderator / Kingpin
Joined: Feb 2001
Posts: 817
Sorry, the period at the end of the URL was added to the link. I removed it and the link now functions.

Joined: Mar 2000
Posts: 21,079
Likes: 3
I type Like navaho
I type Like navaho
Joined: Mar 2000
Posts: 21,079
Likes: 3
Oh, ok, thanks for the heads up.. we've been patched for quite a while now smile


- Allen wavey
- What Drives You?
Joined: Feb 2001
Posts: 817
Moderator / Kingpin
Moderator / Kingpin
Joined: Feb 2001
Posts: 817
Sorry, I wasn't trying to imply that UBBDev is infected...I wanted to get the word out to other IIS web server users in case they have not previously patched their server. smile

Sponsored Links
Joined: Mar 2000
Posts: 21,079
Likes: 3
I type Like navaho
I type Like navaho
Joined: Mar 2000
Posts: 21,079
Likes: 3
No problem... you are quite right to post it, especially since it appears to be a new worm trying to use old exploit(s)... smile


- Allen wavey
- What Drives You?
Joined: May 2001
Posts: 6,708
Member
Member
Offline
Joined: May 2001
Posts: 6,708
Is it a must to download this patch for my web browser? Will this worm do anything to my comp or just web servers I access?

Joined: Jul 2000
Posts: 1,349
Ell Offline
Member
Member
Offline
Joined: Jul 2000
Posts: 1,349
ARGH! Just installed it... don't you LOVE the non-optional "YOU WILL RESTART YOUR COMPUTER NOW!! HIT OK!!" M$ put into all their hotfixes? At least this one doesn't have a countdown. *eyes narrow*

Joined: Mar 2000
Posts: 21,079
Likes: 3
I type Like navaho
I type Like navaho
Joined: Mar 2000
Posts: 21,079
Likes: 3
Apparently aimed at Win NT/2K, it will also mess up win98/me pc's. It uses 16 known exploits to really screw your computer over if you haven't patched it recently. One of the few attachements in email as well that you don't have to open for it to infect your pc, according to the guy on the radio a few minutes ago smile


- Allen wavey
- What Drives You?
Joined: Feb 2001
Posts: 817
Moderator / Kingpin
Moderator / Kingpin
Joined: Feb 2001
Posts: 817
Yes, if you are running Windows 95/98 you really need to install this patch, if you haven't already done so:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp

Sponsored Links
Joined: Feb 1999
Posts: 1,379
cal Offline
Programmer
Programmer
Offline
Joined: Feb 1999
Posts: 1,379
hehehe. you silly outlook users. hehehe

Just a thought smile

Joined: May 2001
Posts: 6,708
Member
Member
Offline
Joined: May 2001
Posts: 6,708
I downloaded it and I got a Message saying "This update does not need to be installed". Whats going on?

[ 09-20-2001: Message edited by: Lord Dexter ]

Joined: Feb 2001
Posts: 817
Moderator / Kingpin
Moderator / Kingpin
Joined: Feb 2001
Posts: 817
Lord Dexter,

You probably previously applied the patch...most likely if you used windowsupdate.microsoft.com in the recent past.


Link Copied to Clipboard
Donate Today!
Donate via PayPal

Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.

Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.
Recommended Hosts
We have personally worked with and recommend the following Web Hosts:
Stable Host
bluehost
InterServer
Visit us on Facebook
Member Spotlight
Posts: 70
Joined: January 2007
Forum Statistics
Forums63
Topics37,573
Posts293,925
Members13,849
Most Online5,166
Sep 15th, 2019
Today's Statistics
Currently Online
Topics Created
Posts Made
Users Online
Birthdays
Top Posters
AllenAyres 21,079
JoshPet 10,369
LK 7,394
Lord Dexter 6,708
Gizmo 5,833
Greg Hard 4,625
Top Posters(30 Days)
Top Likes Received
isaac 82
Gizmo 20
Brett 7
Morgan 2
Top Likes Received (30 Days)
None yet
The UBB.Developers Network (UBB.Dev/Threads.Dev) is ©2000-2024 VNC Web Services

 
Powered by UBB.threads™ PHP Forum Software 8.0.0
(Preview build 20221218)