RE: New "concept" virus/worm?

[Dave Salovesh <salovesh () ramassociates com>]

It infects 98 (I've got it on the one 98 workstation we run) and may have
been involved in infecting two of NT4 servers.

I also have two UNinfected NT4 servers that are patched to about the same
level as the infected ones - not quite completely patched, but I think I've
selected all the appropriate ones for the role each server plays.

My W2K server is patched up to the minute and didn't get infected.  So
far...

-- 
Dave Salovesh
RAM Associates, Inc.
(800) 543-3635



> -----Original Message-----
> From: Brett Glass [mailto:brett () lariat org]
> Sent: Tuesday, September 18, 2001 12:58 PM
> To: Jay D. Dyson; Incidents List
> Cc: Vuln Dev
> Subject: Re: New "concept" virus/worm?
>
>
> At 10:21 AM 9/18/2001, Jay D. Dyson wrote:
>
> >        It's a two-prong worm.  It appears to be primarily 
> disseminated
> > via e-mail, and then launches its attacks on web hosts upon 
> successful
> > infection.
>
> Newsbytes is calling this worm "Code Rainbow," while some of 
> the antivirus
> firms seem to be calling it "W32.Nimda.A@mm".
>
> Can the e-mail infect anything other than Windows NT/2000? 
> Will it infect
> a system that's running Windows NT/2000 but not IIS? If a 
> Windows 95/98/ME 
> user opens it, will his or her system begin to spread the 
> worm as well?
>
> --Brett Glass
>
>
> --------------------------------------------------------------
> --------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management 
> and tracking system please see: http://aris.securityfocus.com