|
|
#76971
09/18/2001 3:30 PM
|
Joined: Feb 2001
Posts: 817
Moderator / Kingpin
|
Moderator / Kingpin
Joined: Feb 2001
Posts: 817 |
The new NIMDA worm, a variant of the Code Red virus, sends itself out by email, searches for open network shares, exploits a bug in Microsoft Internet Explorer, and attempts to copy itself to unpatched Microsoft IIS web servers using the Unicode Web Traversal exploit. A patch and information regarding the Unicode Web Traversal exploit can be found at http://www.microsoft.com/technet/security/bulletin/ms00-078.asp . Web servers compromised by this worm apparently attach a "readme.eml" to all web pages served and due to an existing bug in Internet Explorer 5, it will automatically execute this file. Users running Microsoft Internet Explorer version 5.01 or greater, are advised to install a free patch available from Microsoft to prevent this method of infection. You can find more information on NIMDA at: Those running IIS might want to consider purchasing a product like McAfee's SecureIIS Application Firewall to protect themselves against this and future attacks: http://corporate.mcafee.com/content/software_products/secureiis.asp?cid=2443 [ 09-18-2001: Message edited by: Steve_M ]
|
|
|
#76972
09/18/2001 3:57 PM
|
Joined: Mar 2000
Posts: 21,079 Likes: 3
I type Like navaho
|
I type Like navaho
Joined: Mar 2000
Posts: 21,079 Likes: 3 |
could explain some of the slow-down.. I haven't found a patch yet, the ms site link was a 404
|
|
|
#76973
09/18/2001 4:15 PM
|
Joined: Feb 2001
Posts: 817
Moderator / Kingpin
|
Moderator / Kingpin
Joined: Feb 2001
Posts: 817 |
Sorry, the period at the end of the URL was added to the link. I removed it and the link now functions.
|
|
|
#76974
09/18/2001 4:27 PM
|
Joined: Mar 2000
Posts: 21,079 Likes: 3
I type Like navaho
|
I type Like navaho
Joined: Mar 2000
Posts: 21,079 Likes: 3 |
Oh, ok, thanks for the heads up.. we've been patched for quite a while now
|
|
|
#76975
09/18/2001 4:36 PM
|
Joined: Feb 2001
Posts: 817
Moderator / Kingpin
|
Moderator / Kingpin
Joined: Feb 2001
Posts: 817 |
Sorry, I wasn't trying to imply that UBBDev is infected...I wanted to get the word out to other IIS web server users in case they have not previously patched their server.
|
|
|
#76976
09/18/2001 4:40 PM
|
Joined: Mar 2000
Posts: 21,079 Likes: 3
I type Like navaho
|
I type Like navaho
Joined: Mar 2000
Posts: 21,079 Likes: 3 |
No problem... you are quite right to post it, especially since it appears to be a new worm trying to use old exploit(s)...
|
|
|
#76977
09/19/2001 2:02 AM
|
Joined: May 2001
Posts: 6,708
Member
|
Member
Joined: May 2001
Posts: 6,708 |
Is it a must to download this patch for my web browser? Will this worm do anything to my comp or just web servers I access?
|
|
|
#76978
09/19/2001 6:30 AM
|
Joined: Jul 2000
Posts: 1,349
Member
|
Member
Joined: Jul 2000
Posts: 1,349 |
ARGH! Just installed it... don't you LOVE the non-optional "YOU WILL RESTART YOUR COMPUTER NOW!! HIT OK!!" M$ put into all their hotfixes? At least this one doesn't have a countdown. *eyes narrow*
|
|
|
#76979
09/19/2001 8:05 AM
|
Joined: Mar 2000
Posts: 21,079 Likes: 3
I type Like navaho
|
I type Like navaho
Joined: Mar 2000
Posts: 21,079 Likes: 3 |
Apparently aimed at Win NT/2K, it will also mess up win98/me pc's. It uses 16 known exploits to really screw your computer over if you haven't patched it recently. One of the few attachements in email as well that you don't have to open for it to infect your pc, according to the guy on the radio a few minutes ago
|
|
|
#76981
09/19/2001 11:24 AM
|
Joined: Feb 1999
Posts: 1,379
Programmer
|
Programmer
Joined: Feb 1999
Posts: 1,379 |
hehehe. you silly outlook users. hehehe Just a thought
|
|
|
#76982
09/20/2001 3:19 AM
|
Joined: May 2001
Posts: 6,708
Member
|
Member
Joined: May 2001
Posts: 6,708 |
I downloaded it and I got a Message saying "This update does not need to be installed". Whats going on?
[ 09-20-2001: Message edited by: Lord Dexter ]
|
|
|
#76983
09/20/2001 12:23 PM
|
Joined: Feb 2001
Posts: 817
Moderator / Kingpin
|
Moderator / Kingpin
Joined: Feb 2001
Posts: 817 |
Lord Dexter,
You probably previously applied the patch...most likely if you used windowsupdate.microsoft.com in the recent past.
|
|
|
Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.
Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.
|
|
Posts: 449
Joined: February 2008
|
|
Forums63
Topics37,573
Posts293,925
Members13,849
|
Most Online5,166 Sep 15th, 2019
|
|
Currently Online
Topics Created
Posts Made
Users Online
Birthdays
|
|
|
|
|
|
|