Security Incidents mailing list archives
Re: Nimda on Mac?
From: Kee Hinckley <nazgul () somewhere com>
Date: Fri, 21 Sep 2001 12:24:47 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 12:22 PM +0200 9/21/01, johan.augustsson () adm gu se wrote:
I recived a mail from a Mac user that claimed that Nimda has infected Macs and started to distribute the worm via mail. The user refered to a post at http://www.xlr8yourmac.com where Mike Breeden claims that his Mac was infected. How is this possible? I can understand that the IE for Mac has the same MIME bug as the one for Windows, but how could Nimda start an SMTP engine for Windows on a Mac to distribute mail?
There was a similar post on MacFixit to which I sent a correction this morning. What's happening is that people are receiving copies of bounced email that contains the Virus, so they think that they are infected. In fact Nimda was using their email address as a forged return address because it was in the address book of someone who was infected. I recommend that anyone who receives Nimda via email use a tool such as http://www.spamwatcher.com/ or http://www.spamcop.net/ to track down the actual sender's IP address (or just read the Received headers). You can't rely on the UA-generated email headers. Nimda *can* corrupt Macintosh files if the Macintosh exports a share (via a product such as Dave, which provides PC file sharing services for the Mac). But those files won't execute on a Mac. - -- Kee Hinckley - Somewhere.Com, LLC http://consulting.somewhere.com/ nazgul () somewhere com (or ...!alice!nazgul for time travelers :-) I'm not sure which upsets me more: that people are so unwilling to accept responsibility for their own actions, or that they are so eager to regulate everyone else's. -----BEGIN PGP SIGNATURE----- Version: PGP Personal Security 7.0.3 iQA/AwUBO6tp2yZsPfdw+r2CEQJb/ACbBFD014/fAjlnlA3QaxkeoUNPitkAn38Z z1Z6Ywa+0cQ3ip1220GeCXqk =xDu+ -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Nimda on Mac? johan . augustsson (Sep 21)
- Re: Nimda on Mac? Kee Hinckley (Sep 21)
- Re: Nimda on Mac? Zora Monster (Sep 21)