Virus warning

Andrew Pratt

Senior HTF Member
Joined
Dec 8, 1998
Messages
3,806
Guys, there's a new virus going around that's similar to the Code Red worm... it's mainly a problem for Win NT and Win2K platforms running MS's IIS, but I think it's as good a reason as any to make sure your Anti Viral software is current and has the newest update available.
http://www.canoe.ca/CNEWSTechNews0109/18_worm-ap.html
 

Kevin P

Screenwriter
Joined
Jan 18, 1999
Messages
1,439
Guys, there's a new virus going around that's similar to the Code Red worm... it's mainly a problem for Win NT and Win2K platforms running MS's IIS
It's called [email protected] (nimda is admin spelled backwards, btw). It will spread to IIS systems like Code Red, but it also will email itself like Sircam, LoveLetter, etc. So it's not just NT/2K platforms that are vulnerable.
Also, it appears that Symantec (makers of Norton Antivirus) don't have updated definitions on their site to detect this worm, yet. The description says that the 9/18 definitions will detect it, but only the 9/17 definitions are available for download right now. I bet the 9/18 update will be up later on today.
In the meantime, if someone sends you a file named README.EXE, don't open it!!
KJP
 

McPaul

Screenwriter
Joined
Apr 1, 1999
Messages
1,798
Location
Vancouver
Real Name
Paul M
Yep, I heard about this myself from a friend of mine, and shortly after I received an email from someone I don't know with an attachment of "hottie.exe", which will not be opened. So it may not only be readme.exe files being sent. In general, don't open any .exe or .com file unless you are expecting something.
------------------
THAT'S just EVIL!!!! and EVIL is WRONG!!!!!
 

Steven K

Supporting Actor
Joined
Jan 10, 2000
Messages
830
Ahh, the joys of running IIS. We got nailed by this today, hardcore... just got things back up and running. You know it's bad when the netadmins have the programmers coming in trying to help (of course, I don't know that much about IIS or networking to begin with, so I was of little help). So, I wrote a program that displays a sympathy message to the network admins.
 

Tim Johnson

Agent
Joined
Feb 19, 2000
Messages
34
I am running IIS, and while I am seeing hits to my server from this virus, I am not infected. Please people, if you are running ANY operating system keep up to date on your patches. These vulnerabilities in IIS have been known for months, and the patches have been available.
 

brentl

Senior HTF Member
Joined
May 7, 1999
Messages
2,921
That's one of the great things about using Yahoo for my email. They remind me to scan every attachment.
Never had a problem.
Brent L
 

Ryan Wright

Screenwriter
Joined
Jul 30, 2000
Messages
1,875
CAREFUL!!
This one is nasty. It will infect client machines as well as servers. If you go to an infected server, YOU can be infected through an exploit in IE. That's right, IE will just up and run the code for you usually without prompting. (shudder).
My Apache server is getting hit repeatedly and it's saturating my bandwidth. I went out to one of the sites listed in my logs and was immediately hit with the virus on the client side. I updated my anti-virus software an hour or two ago and it caught it.
More info on the client side exploit: http://www.guninski.com/eml-desc.html
My advice? Get yourself a virus scanner. NOW. If you are running Windows 2000 or NT, go out to Microsoft's site and apply the appropriate updates. NOW. It doesn't matter if you're not running a server; if you use 2000 or NT it's highly likely that IIS is running on your machine. In which case, you're probably already infected (with this AND the Code Red variations...).
------------------
-Ryan (http://www.ryanwright.com )
Before you criticize someone, walk a mile in their shoes.
That way, when you do criticize them, you'll be a mile away and you'll have their shoes.
 

Kevin P

Screenwriter
Joined
Jan 18, 1999
Messages
1,439
Update: Symantec has updated definitions that detect this worm.
My firewall has logged over 800 http hits today, up from around 200 yesterday. Must be Nimda knocking...

KJP
 

McPaul

Screenwriter
Joined
Apr 1, 1999
Messages
1,798
Location
Vancouver
Real Name
Paul M
hmmmmm... when my buddy first told me about this virus earlier, I did a liveupdate with Norton.... did a scan... all was fine. Went to work, came home, did another liveupdate as soon as I went back to this thread, seeing Norton supposedly has it on their site... did a scan.... 67 infected files that can't be cleaned or quarantined. What to do? I haven't opened any weird files in quite some time... what do I do now?
------------------
THAT'S just EVIL!!!! and EVIL is WRONG!!!!!
 

Parker Clack

Schizophrenic Man
Moderator
Senior HTF Member
Joined
Jun 30, 1997
Messages
12,227
Location
Kansas City, MO
Real Name
Parker
Norton found two on my system and quarantined them. I would go back to Norton and get the latest updates.
Parker
 

McPaul

Screenwriter
Joined
Apr 1, 1999
Messages
1,798
Location
Vancouver
Real Name
Paul M
Parker... yeah, like I said, I did a "liveupdate" during the day when I first heard about the virus, then a scan, went to work, did another "liveupdate" and another scan and that's when I found all the infected files... I think I'm going to have to reformat... groan..
------------------
THAT'S just EVIL!!!! and EVIL is WRONG!!!!!
 
