Security Incidents mailing list archives

[GFISEC] Nimda worm analysis


From: "Sandro Gauci" <sandro () gfi com>
Date: Thu, 20 Sep 2001 11:38:46 +0200

Hi all,

We posted the following description of the recent Nimda worm, which includes a few details I did not see on other posts:

"This new worm took everyone by surprise. It is one of the first few to infect both client and server computers, making 
it highly effective in spreading fast, and almost automatically, without the need for user intervention. It makes use 
of 2 security vulnerabilities in Microsoft products, the IIS Unicode Vulnerability, as well as another vulnerability in 
Internet Explorer and Windows Media Player 6.4 (which is included with Windows 2000). This worm also makes use of hosts 
previously infected by Code-Red II as well as infection through the NETBIOS protocol."

Further details: http://www.gfi.com/press/nimdaworm.htm

Kind Regards

Sandro Gauci
GFI Security Labs
http://www.gfi.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com