Security Incidents mailing list archives

Re: New "concept" virus/worm?


From: "Bernie Cosell" <bernie () fantasyfarm com>
Date: Tue, 18 Sep 2001 16:13:22 -0400

On 18 Sep 2001, at 14:01, Jim Olsen wrote:

This is a cumulation of the information I've found on W32.nimda thus far:

W32.nimda is NOT a Code Red variant, and the people referring to it as 
"Code Blue" were mistaken...

 [...]

EVERYONE who uses Internet Explorer to browse the internet should probably do 
one of two things to stop from being automatically infected by W32.nimda (I 
have not tested whether or not turning off JavaScript fixes the problem):
        o) don't browse web pages until Microsoft releases a patch
        o) turn OFF JavaScript

I was under the impression that the vulnerability that nimda exploits was 
known and has been patched (in May)

<http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q290108>
<http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms01-020.asp>

EVERYONE who uses Outlook/Outlook Express should, at the very least, not open 
any attachments that they are not expecting.

THIS recommendation has nothing to do with nimda -- anyone who hasn't 
gotten *THIS* message yet is hopeless...  Taking the opportunity to 
restate it here is OK, I guess, since a lot of folk just WON'T get the 
message.

Turning off auto-preview might 
be a good idea as well.

Why?

  /bernie\


-- 
Bernie Cosell                     Fantasy Farm Fibers
mailto:bernie () fantasyfarm com     Pearisburg, VA
    -->  Too many people, too few sheep  <--          

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

