North American Network Operators Group


RE: Worm probes

  • From: Tim Winders
  • Date: Tue Sep 18 12:43:52 2001

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I just received this update from Sophos.  Perhaps this is the virus that
is spreading?

=== Tim

     **********************************************
        Tim Winders, MCSE, CNE, CCNA
        Associate Dean of Information Technology
        South Plains College
        Levelland, TX  79336

        Phone:	806-894-9611 x 2369
        FAX:	806-894-1549
        Email:	[email protected]
     **********************************************

Date: Tue, 18 Sep 2001 16:45:07 +0100 (BST)
From: Sophos Alert System <[email protected]>
Reply-To: [email protected]
To: Undisclosed recipients:  ;
Subject: Sophos Anti-Virus IDE alert:  W32/Nimda-A


Name: W32/Nimda-A
Type: W32 executable file virus
Date: 18 September 2001

A virus identity file (IDE) which provides protection is
available now from our website and will be incorporated
into the November 2001 (3.51) release of Sophos Anti-Virus.

Sophos has received many reports of this virus from the wild.

Description:

W32/Nimda-A is an email-aware virus that spreads using an
attached filename of README.EXE.

Sophos researchers are continuing to examine the virus and will
be posting a more detailed description of the virus on the
Sophos website once the analysis is complete.


Download the IDE file from
http://www.sophos.com/downloads/ide/nimda-a.ide

Read the analysis at
http://www.sophos.com/virusinfo/analyses/w32nimdaa.html

Download a ZIP file containing all the IDE files available for
the current version of Sophos Anti-Virus from
http://www.sophos.com/downloads/ide/ides.zip

Read about how to use IDE files at
http://www.sophos.com/downloads/ide/using.html

To unsubscribe from this service please visit
http://www.sophos.com/virusinfo/notifications



On Tue, 18 Sep 2001, Mark Radabaugh - Amplex wrote:

>
> Follow up...
>
> The web page on infected servers includes a script to send and open the
> file 'readme.exe' on Windows machines.  I do not know the details of
> what the executable does yet.
>
> Mark
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (OSF1)
Comment: Made with pgp4pine 1.76

iEYEARECAAYFAjundQUACgkQTPuHnIooYby+TwCfQcCXMSbLg1K/kmVXC9tS8DRR
e/AAn3wEKbB8Us2u2B39YBT5couH5EcE
=VXKa
-----END PGP SIGNATURE-----