The virus forwards itself to other email addresses found on the computer. Furthermore, the virus looks for IIS web servers suffering from several vulnerabilities, including the Unicode Directory Traversal vulnerability.
DLL and runs. The virus attempts to alter the contents of pages on such servers, hunting for files with the filenames:. If it finds one of the above files on the web server, the virus attempts to alter the contents of the file, adding a section of malicious JavaScript code to the end of the file.
If the website is then browsed by a user with an insecure version of Internet Explorer, the malicious code automatically downloads a file called readme. While spreading using shared network drives, the virus drops a number of randomly named files with the extension EML and NWS.
The content of those files is identical to the content of readme. Unlike a worm, which is a virus spread through e-mail attachments, the Nimda virus can be caught just by surfing the Internet. If Internet users stop at a Web site that's been infected, their personal files can be infiltrated by the virus.
Nimda, which is "Admin" spelled backward, targets Windows-based servers and computers. It has caused Web sites across the world to shut down. Experts implored computer users to update their anti-virus software and visit Microsoft's Web site to download protective software before reading their e-mail or visiting other Web sites.
Several researchers noted that the first reports of the worm came almost exactly a week after the twin terrorist attacks in Washington and New York. But Attorney General John Ashcroft has said there is no evidence linking the worm to last week's attacks. What are you looking for? Preferences Community Newsletters Log Out. Written by Robert Lemos , Contributor. Robert Lemos Contributor Full Bio.
Please note that these patches do not include Outlook Express. Click here for help with installation or for more information regarding this patch. Don't open attachments! One of the best ways to prevent virus infections is not to open attachments, especially when viruses such as this one are actively circulating.
Even if the e-mail message is from a known source, be careful. A few viruses take mailing lists from an infected computer and send out new messages with its destructive payload attached. Always scan any attached files for viruses, and unless the attachment is a file or an image you are expecting, delete it. Stay informed.
Did you know that there are virus and security alerts almost every day? Get protection. If you don't already have virus-protection software on your machine, you should. In addition, it can turn computers into zombies that can be used to launch future denial-of-service attacks on Web sites.
Virus experts have learned the worm can modify files on PCs and expose files to intruders, said Bill Pollack, spokesman for the Computer Emergency Response Team Coordination Center, a federally funded group at Carnegie Mellon University in Pittsburgh that monitors Internet security.
The worm appears to be widespread. The Web site of McAfee. Goostree said. Mikko Hypponen, manager of antivirus research at F-Secure Corp.
0コメント