New NIMDA Worm strikes hard

So-called concept virus in the wild and threatening worldwide havoc. If you're on IE 5.0 or 5.1, you might want to upgrade

Tuesday 18th of September saw the NIMDA Worm begin a spread that rivals Melissa and just about every other virus that's hit the Web in the last couple of years - and this one punches with both fists.

First, you can get it from a Web page if you're using an older browser that hasn't been patched, and, second, it can be sent to you in an email, just like Melissa.

Browser

NIMDA exploits a security vulnerability in older versions of Microsoft's Web browser that haven't had update patches applied. It resides in a small tag of JavaScript code that the worm can append to .html, .htm and .ASP files it finds on an infected IIS Web server - so far, it doesn't seem to be able to work its nefarious tricks on a UNIX or APACHE server.

In email form, be very wary of attached 80k files called README.EXE - indeed, you should always be wary of opening any attachment from anyone at all unless you're specifically expecting them - even more so if you know the person sending the email. It's likely that you'd be in their Outlook and other address books - which is exactly where nasty pieces of code like NIMDA look for their propagation addresses.

The precise workings of the NIMDA worm can be found here - we'd suggest you read it thoroughly and take whatever precautions necessary to avoid infection - and certainly consider upgrading if you're still using IE5.0 or 5.1, perhaps by installing AOL 6.0

Download Nimda finder and eradicator (executable code - download, then run)

David Dorn