Security Incidents mailing list archives

Nimda on Mac?


From: johan.augustsson () adm gu se
Date: Fri, 21 Sep 2001 12:22:22 +0200


I received a mail from a Mac user that claimed that Nimda has infected
Macs and started to distribute the worm via mail. The user referred to a
post at http://www.xlr8yourmac.com where Mike Breeden claims that his
Mac was infected. How is this possible? I can understand that the IE for
Mac has the same MIME bug as the one for Windows, but how could Nimda
start an SMTP engine for Windows on a Mac to distribute mail?

On all the lists and sites that I have read about Nimda not a single one
mentions Mac as a potential target.
What is true?



*** FROM THE WEBPAGE ***

Mac Outlook Express Vulnerable to Nimda Worm: -
Some of you may already know this, but after just previewing an email
today that an attachment sent by the Nimda worm noted in Tuesday's news,
I have gotten bounced email notices (for mails I never sent) and a
note that some email "from" me had the readme.exe (worm's) attachment.
This mail was not actually sent by me (nor are copies in my sent items
folder)- but searching with Sherlock found copies of "readme.exe" in the
Outlook Express temp folder. (No .eml files were found however, I also
searched for invisible files.)

I've disabled the preview pane and added a Rule to automatically delete
any email that has a readme attachment, and suggest you do so also, at
least until Microsoft has a fix for Macs. (There's no updates to NAV for
this nor does NAV find anything from a scan.)
Beware of any emails with attachments, especially if the subject line
has scrambled text (may not be typical, but was for the email I have
seen). I get tons of email every day, often with attachments but I'm
going to be much more cautious now. This happened on my main work
machine, a PowerBook G3 running OS 9.04 with IE 5 and Outlook Express
5.02. (In case anyone gets an email from "mike () xlr8yourmac com" - delete
it. I never send email from that address.)

*** END ***

/Johan Augustsson
