North American Network Operators Group

RE: Worm probes

  • From: Tim Winders
  • Date: Tue Sep 18 12:43:52 2001

I just received this update from Sophos.  Perhaps this is the virus that
is spreading?

=== Tim

        Tim Winders, MCSE, CNE, CCNA
        Associate Dean of Information Technology
        South Plains College
        Levelland, TX  79336

        Phone:	806-894-9611 x 2369
        FAX:	806-894-1549
        Email:	[email protected]

Date: Tue, 18 Sep 2001 16:45:07 +0100 (BST)
From: Sophos Alert System <[email protected]>
Reply-To: [email protected]
To: Undisclosed recipients:  ;
Subject: Sophos Anti-Virus IDE alert:  W32/Nimda-A

Name: W32/Nimda-A
Type: W32 executable file virus
Date: 18 September 2001

A virus identity file (IDE) which provides protection is
available now from our website and will be incorporated
into the November 2001 (3.51) release of Sophos Anti-Virus.

Sophos has received many reports of this virus from the wild.


W32/Nimda-A is an email-aware virus that spreads using an
attached filename of README.EXE.

Sophos researchers are continuing to examine the virus and will
be posting a more detailed description of the virus on the
Sophos website once the analysis is complete.

Download the IDE file from

Read the analysis at

Download a ZIP file containing all the IDE files available for
the current version of Sophos Anti-Virus from

Read about how to use IDE files at

To unsubscribe from this service please visit

On Tue, 18 Sep 2001, Mark Radabaugh - Amplex wrote:

> Follow up...
> The web page on infected servers includes a script to send and open the
> file 'readme.exe' on Windows machines.  I do not know the details of
> what the executable does yet.
> Mark