Mailinglist Archive: opensuse-security (556 mails)

< Previous Next >
RE: [suse-security] WEB IIS cmd exe requests
  • From: "Matthew Thomas" <mthomas@xxxxxxxxxxxxxxxxx>
  • Date: Tue, 18 Sep 2001 09:12:43 -0700
  • Message-id: <002d01c1405c$bfb58dc0$e105050a@xxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- From the Symantec website:

http://www.symantec.com/avcenter/venc/data/w32.nimda.a@xxxxxxx

W32.Nimda.A@mm
Discovered on: September 18, 2001
Last Updated on: September 18, 2001 at 08:15:23 AM PDT

This is the preliminary information known at this time.

There is a new mass-mailing worm that utilizes email to propagate
itself. The threat arrives as readme.exe in an email.

In addition, the worm sends out probes to IIS servers attempting to
spread by using the Unicode Web Traversal exploit similar to
W32.BlueCode.Worm. Compromised servers may display a webpage
prompting a visitor to download an Outlook file which contains the
worm as an attachment.

Also, the worm will create an open network share allowing access to
the system. The worm will also attempt to spread via open network
shares.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 Int. for non-commercial use
<http://www.pgpinternational.com>

iQA/AwUBO6dyemCxI19Ln0TAEQKqeACcD+s7vfY5gPRyJx/jK0jeP6wdkmsAoPWG
bUM6g8DfAJinS+iUuJFJXiO1
=Qn2w
-----END PGP SIGNATURE-----


< Previous Next >
References