Symantec Hong Kong
 global sites
products
purchase
service and support
security updates
downloads
about symantec
search
feedback


© 1995-2006 Symantec Corporation.
All rights reserved.
Legal Notices
Updated Privacy Policy
press centre

Symantec warns of a level 4 computer worm: W32.Nimda.A.@mm


Hong Kong -- September 19 2001 -

WHAT
Discovered: September 18, 2001
Threat Assessment: Level 4 (severe)
Virus Name: W32.Nimda.A.@mm
Definitions: Certified definitions are available

DESCRIPTION
Symantec Security Response has received a number of submissions on W32.Nimda.A.@mm and is rating it as a Category 4.

W32.Nimda.A@mm is a new, very complex, mass-mailing worm that utilises multiple methods to spread itself. The worm sends itself out by email, searches for open network shares, and attempts to copy itself to un-patched Microsoft IIS web servers. The worm does this using the Unicode Web Traversal exploit. A patch and information regarding this exploit can be found at http://www.microsoft.com/technet/security/bulletin/ms00-078.asp

Users visiting compromised web servers will be prompted to download an .EML (Outlook Express) email file, which contains the worm as an attachment.

Also, the worm will create an open network share on the infected machine allowing access to the system.

RECOMMENDATIONS/PROTECTION
More information is posted on the Symantec Security Response web site: http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html

PAYLOAD

  • Large scale e-mailing: Uses MAPI to send itself out as Readme.exe (Readme.exe will NOT be visible as an attachment in the email received)
  • Modifies files: Replaces multiple legitimate files with itself
  • Degrades performance: May cause system slowdown
  • Compromises security settings: Opens the C drive as a network share

ABOUT SYMANTEC
Symantec, a world leader in Internet security technology, provides a broad range of content and network security solutions to individuals and enterprises. The company is a leading provider of virus protection, vulnerability assessment, intrusion prevention, Internet content and e-mail filtering, remote management technologies and security services to enterprises around the world. Symantec's Norton brand of consumer security products leads the market in worldwide retail sales and industry awards. Headquartered in Cupertino, California, Symantec has worldwide operations in 37 countries. For more information, please visit www.symantec.com

NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please view the Symantec Press Centre at http://www.symantec.com/PressCenter