[pf] (2) McAfee anti-virus note
by David MacClement
20 September 2001 22:00 UTC
· McAfee says: "Date Discovered: 9/18".   D.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://vil.mcafee.com/dispVirus.asp?virus_k=99209&;
  starts:

Virus Name: W32/Nimda@MM
Risk Assessment: High
 
Virus Information: 
Date Discovered: 9/18/01 
Date Added: 9/18/01 
Origin: Unknown  
Length: 57344  
Type: Virus 
SubType: Internet Worm 
DAT Required: 4160 

    ---------

Virus Characteristics:  
 
The information provided here is as of 10:30pm PDT September 20, 2001.
This threat can infect all unprotected users of Win9x/NT/2000/ME. 

Its main goal is simply to spread over the Internet and Intranet, infecting
as many users as possible and creating so much traffic that networks are
virtually unusable. 

All end users and administrators running Microsoft Internet Explorer (ver
5.01 or 5.5 without SP2), are advised to install this patch for the
Incorrect MIME Header Can Cause IE to Execute E-mail Attachment
vulnerability. 

All IIS administrators (and Win2K users who may not know they are running
IIS), who have not already done so, should also install this patch (August
15, 2001 Cumulative Patch for IIS).


This is a mass-mailing worm, which also spreads via network shares, the
Microsoft Web Folder Transversal vulnerability (also used by W32/CodeBlue),
and a Microsoft incorrect MIME Header vulnerability. It also attempts to
create network shares, and utilize the backdoor created by the
W32/CodeRed.c worm.

The email subject line varies, message body is blank, and attachment name
varies and may use the icon for an Internet Explorer HTML document.


The most significant methods of propagation are as follows: 

The email messages created by the worm specify a content-type of
audio/x-wav and contain an executable attachment type. Thus when a message
is accessed, the attachment can be executed without the user's knowledge.
Simply viewing the page in Microsoft Outlook or Microsoft Outlook Express
using the preview pane can infect you. Other mail clients can still receive
these email messages, but double-clicking the attachment would be required
to execute the virus. 

When infecting, it appends .ASP, .HTM, and .HTML documents, and files named
INDEX, MAIN, and DEFAULT, with JavaScript code which contains instructions
to open a new browser window containing the infectious email message itself
(taken from the dropped file README.EML). Thus when this infected web page
is accessed (locally or remotely) the machine viewing the page is infected.
In other words, simply visiting a web site that is compromised can infect
your computer.  
 ...
 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
sent on by David.
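
Added example (not part of the original post or the McAfee advisory): a mail-gateway style check for the mismatch the advisory describes, a part declared as audio/x-wav that actually carries an executable. The extension list, function names and sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions treated as executable here: an assumed list, not from the advisory.
EXECUTABLE_EXTS = (".exe", ".com", ".scr", ".pif", ".bat")
MEDIA_TYPES = ("audio", "video", "image")

def mismatched_parts(raw: bytes):
    """List (declared_type, filename, reason) for every MIME part that is
    declared as media but whose filename or leading bytes say executable."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()          # e.g. "audio/x-wav"
        if part.get_content_maintype() not in MEDIA_TYPES:
            continue
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        if name.endswith(EXECUTABLE_EXTS):
            findings.append((ctype, name, "executable extension"))
        elif payload[:2] == b"MZ":               # DOS/PE executable magic
            findings.append((ctype, name, "MZ header"))
    return findings

def build_sample(filename: str, data: bytes) -> bytes:
    """Constructed test message: one attachment declared as audio/x-wav."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("constructed body\n")
    msg.add_attachment(data, maintype="audio", subtype="x-wav", filename=filename)
    return bytes(msg)

if __name__ == "__main__":
    samples = {
        "sample.exe": b"MZ\x90\x00" + b"\x00" * 16,    # constructed bytes
        "note.wav": b"MZ\x90\x00" + b"\x00" * 16,      # misleading name
        "chime.wav": b"RIFF\x24\x00\x00\x00WAVEfmt ",  # plausible WAV start
    }
    for fname, data in samples.items():
        print(fname, mismatched_parts(build_sample(fname, data)))
```

A part is flagged on either signal, so renaming the attachment to a media extension does not hide an executable payload from the check.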



Positive Futures List Archives
at CSF