
Nimda worm attacks

by phiber on September 20th, 2001

Experts are tracking a fast-spreading virus that propagates both by sending itself as an email attachment, and by hacking into vulnerable web servers.


The Nimda worm spreads by infecting Microsoft IIS servers that are open to known software vulnerabilities: the IIS 4.0/5.0 File Permission Canonicalization Vulnerability, the IIS/PWS Escaped Characters Decoding Command Execution Vulnerability, and the IIS/PWS Extended Unicode Directory Traversal Vulnerability. Fixes for all three holes are available from Microsoft.
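The decoding and Unicode traversal flaws named above concern request paths whose encoding hides a `..` sequence. The following is an added example, not part of the original article: a log-review helper that fully decodes a request path and reports nested percent-encoding, overlong UTF-8 and directory traversal. The function name, reason labels and sample paths are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Lead bytes 0xC0/0xC1 are never valid UTF-8: they only occur in overlong
# (non-canonical) two-byte encodings of ASCII characters such as '/' and '\'.
OVERLONG = re.compile(rb"([\xc0\xc1])([\x80-\xbf])")
TRAVERSAL = re.compile(rb"(?:^|[\\/])\.\.(?:[\\/]|$)")


def _fold_overlong(m):
    # Recover the ASCII byte hidden in an overlong two-byte sequence.
    return bytes([((m.group(1)[0] & 0x1F) << 6) | (m.group(2)[0] & 0x3F)])


def classify_path(raw_path, max_rounds=4):
    """Return the set of reasons a request path looks like a canonicalization
    attack; an empty set means nothing was found."""
    reasons = set()
    current = raw_path.split("?", 1)[0].encode("utf-8")
    for round_no in range(max_rounds):
        decoded = unquote_to_bytes(current)
        if decoded == current:
            break
        if round_no >= 1:
            # A second pass still changed the path: escapes were nested.
            reasons.add("nested-percent-encoding")
        current = decoded
    if OVERLONG.search(current):
        reasons.add("overlong-utf8")
        current = OVERLONG.sub(_fold_overlong, current)
    if TRAVERSAL.search(current):
        reasons.add("directory-traversal")
    return reasons


# Constructed request targets (not captured traffic).
SAMPLES = [
    "/default.htm",
    "/docs/release%20notes.htm",
    "/scripts/..%c0%af../private/file.txt",
    "/scripts/..%255c../private/file.txt",
    "/images/../index.htm",
]

if __name__ == "__main__":
    for path in SAMPLES:
        print(f"{path:45} {sorted(classify_path(path)) or 'clean'}")
```

A path that only trips `directory-traversal` may be a clumsy but harmless link; a path that also trips one of the encoding checks was written to get past a filter.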


- Nimda also attacks Microsoft Outlook. The worm arrives as a blank message with an attachment "readme.exe".

- But unlike most so-called mass mailers, Nimda can infect Outlook and Outlook Express users who know better than to open strange attachments. By exploiting a bug in older versions of Internet Explorer discovered last March, the worm is able to infect victim computers when the email is read, or even displayed in Outlook's preview pane. A patch for the 'Microsoft IE MIME Header Attachment Execution Vulnerability' is available from Microsoft's web site.

- The worm also spreads by putting a specially crafted page on the web servers it infects. Users of older versions of Internet Explorer who haven't installed Microsoft's patch can be infected by merely visiting a web site that's already fallen prey to the worm.

- Once it's infected a machine, Nimda exposes local hard drives to the network, and spreads further through already-open file shares.


Solution:

Update your Internet Explorer and Outlook by downloading appropriate patches.

