Virus Information Center
What to do: Delete the email message and DO NOT open the attachment. Update and run your Anti-Virus software immediately.

PRECAUTIONS: Be wary of attachments, especially executables (such as attachments ending in .exe, .com or .bat). Be sure that you have the latest Anti-Virus definitions installed on your computer.

W32.Nimda.A@mm is a new "category 4" mass-mailing worm that utilizes multiple methods to spread itself. Users visiting compromised web servers will be prompted to download an .EML (Outlook Express) email file, which contains the worm as an attachment.

NAME OF ATTACHMENT: README.EXE

DAMAGE:
- Large scale e-mailing: Uses MAPI to send itself out as README.EXE
- Modifies files: Replaces multiple legitimate files with itself
- Degrades performance: May cause system slowdown
- Compromises security settings: Opens the C drive as a network share

To learn more about this and other viruses, go to www.symantec.com or www.mcafee.com

W32.Sircam@mm is a sophisticated worm that will infect files shared over an open network, so most people will never see the original infected e-mail associated with the worm.

NAME OF ATTACHMENT: (Random, but will always have 2 file extensions, such as filename.doc.lnk)

http://www.cnet.com/software/0-5067630-8-6323433-1.html

DAMAGE:
- SirCam will copy rundll32.exe to the system, renaming the existing rundll32.exe to run32.exe.

Code Red (II) looks for systems running IIS that have not patched the unchecked buffer vulnerability in idq.dll or removed the ISAPI script mappings. Systems running Windows NT 4.0 or Windows 2000 may be vulnerable. Specifically, these systems are vulnerable if they are running the IIS 4.0 or IIS 5.0 web server software. Systems running Windows 3.1, 95, 98, and ME are not vulnerable.

Information: http://www.incidents.org/react/code_redII.php
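
The attachment naming described in the Nimda and Sircam entries above (README.EXE, and names with two extensions such as filename.doc.lnk) can be checked at a mail gateway. The following is an added example, not part of the original page or any vendor's tool; the function names, the extension set and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes
from email.message import EmailMessage

# Extensions named in the page's PRECAUTIONS line, plus .lnk from its
# Sircam example (filename.doc.lnk). Assumed set; extend as needed.
RISKY_EXT = {".exe", ".com", ".bat", ".lnk"}

def classify(filename):
    """Return the reasons an attachment name looks suspicious."""
    # Windows ignores trailing dots and spaces, so strip them first.
    parts = filename.strip().lower().rstrip(". ").split(".")
    exts = ["." + p for p in parts[1:] if p]
    reasons = []
    if exts and exts[-1] in RISKY_EXT:
        reasons.append("executable-extension")
    # Two short trailing extensions hide the real type from the user.
    # Archives such as name.tar.gz also match and need an allow-list.
    if len(exts) >= 2 and all(1 <= len(e) - 1 <= 4 for e in exts[-2:]):
        reasons.append("double-extension")
    return reasons

def scan(raw_bytes):
    """Map each flagged attachment filename in a raw message to its reasons."""
    msg = message_from_bytes(raw_bytes)
    findings = {}
    for part in msg.walk():
        name = part.get_filename()
        if name:
            hits = classify(name)
            if hits:
                findings[name] = hits
    return findings

def sample_message():
    """Constructed sample; attachment names mirror the page's examples."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("body")
    for name in ("README.EXE", "filename.doc.lnk", "notes.txt"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, hits in scan(sample_message()).items():
        print(name, hits)
```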