fyi (if you're not on Oz-ISP list or can't be bothered filtering it :)
From: Dale Clapperton [mailto:firstname.lastname@example.org]
Sent: Friday, 28 September 2001 10:54 AM
To: aussie-isp(a)aussie.net; isp-australia(a)isp-australia.com
Subject: [Oz-ISP] Nimda rides again
Researchers say Nimda set to propagate again
By Deborah Radcliff, Computerworld online
September 27, 2001 10:52 am PT
RESEARCHERS HAVE DISCOVERED a third vector to the Nimda worm, which is
set to propagate again through e-mail at 1 a.m. ET Friday.
"We rechecked the code base to Nimda, and we found a code set that is
supposed to respread Nimda through e-mail systems starting 10 days after
machines were first infected," said Oliver Friedrichs, director of
engineering at the Attack Registry and Intelligence Service. That service
is sponsored by SecurityFocus, a business security firm in San Mateo,
Ten days after first infecting machines, the worm will attempt to respread
itself through readme.exe attachments, with the same payload as its
original mail-based infection.
The impact could be significant or minute, depending on how well the IT
community has cleaned systems and patched Microsoft IIS (Internet
Information Server) and Outlook programs. The 10-day vector will likely be
less severe than Nimda was the first time because more systems have been
patched against the vulnerabilities, Friedrichs said.
But because Nimda has spread itself to so many places on computers,
networked systems may not have been cleaned enough to prevent widespread
mailings of the virus. Therefore, Friedrichs advised IT managers to do the
-- Double-check their patches.
-- Make sure their anti-virus software blocks Nimda.
-- Block executables files at the e-mail gateway.
-- Alert users not to preview or open any attachments that say readme.exe
Email "unsubscribe aussie-isp" to majordomo(a)aussie.net to be removed.
The information contained in this email message may be
confidential. If you
are not the intended recipient, any use, distribution, disclosure
of this information is prohibited. If you receive this email in error,
please tell us by return email and delete it and any attachments from your
To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz
where the body of your message reads: