New threat against Windows computers.

Yet another worm/virus threat against Windows IIS 4.0 and 5.0 has started hitting hard. The initial threat assessment is "RED HOT" with threat level of "VERY HIGH, (rapidly increasing)"

The working name for this worm is "W32.nimda.a.mm"

It started about 9am eastern time Tuesday,September 18, 2001,.Mulitple sensors world-wide run by TruSecure corporation are getting multiple hundred hits per hour, and began at 9:08am.

The worm seems to be targeting IIS 4 and 5 boxes and tests boxes for multiple vulnerabilities including:
msadc (cmd.exe)
get_mem_bin
vti_bin owssvr.dll
Root.exe
CMD.EXE
../ (Unicode)
Getadmin.dll
Default.IDA
/Msoffice/ cltreq.asp

This is not code red or a code red variant.

Some more information about this worm here


(Published on 19-Sep-2001 09:28 by RossW, read 814 times)
Missed an article? Check the archives