
Symantec Warns of a Computer Worm: W32.Nimda.A@mm


KUALA LUMPUR -- September 19, 2001 --


Date: September 19, 2001
Name: W32.Nimda.A@mm
Threat Assessment: Level 4 (severe)
Description: Symantec Security Response has received a number of submissions of W32.Nimda.A@mm and is rating it as a Category 4.

W32.Nimda.A@mm is a new, very complex, mass-mailing worm that utilizes multiple methods to spread itself. The worm sends itself out by email, searches for open network shares, and attempts to copy itself to unpatched Microsoft IIS web servers. The worm does this using the Unicode Web Traversal exploit. A patch and information regarding this exploit can be found at http://www.microsoft.com/technet/security/bulletin/ms00-078.asp.

Users visiting compromised web servers will be prompted to download an EML (Outlook Express) email file, which contains the worm as an attachment.

Also, the worm will create an open network share on the infected machine allowing access to the system.

Payload:
- Large scale e-mailing: Uses MAPI to send itself out as Readme.exe (Readme.exe will NOT be visible as an attachment in the email received)
- Modifies files: Replaces multiple legitimate files with itself.
- Degrades performance: May cause system slowdown
- Compromises security settings: Opens the C drive as a network share

More information is posted on the Symantec Security Response web site:
http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html

Definitions From Symantec: Certified definitions are available at http://www.symantec.com/avcenter/

Symantec Security Response: Symantec Security Response is one of the industry's largest dedicated teams of virus experts. With offices located in the United States, Japan, Australia and the Netherlands, the sun never sets on Symantec Security Response. The centre's mission is to provide swift, global responses to computer virus threats, proactively research and develop technologies that eliminate such threats and educate the public on safe computing practices. As new computer viruses appear, Symantec Security Response develops identification and detection for these viruses and provides either a repair or delete operation, thus keeping users protected against the latest virus threats.

http://securityresponse.symantec.com.

Symantec: Symantec, a world leader in Internet security technology, provides a broad range of content and network security solutions to individuals and enterprises. The company is a leading provider of virus protection, firewall and virtual private networks, vulnerability management, intrusion detection, Internet content and e-mail filtering, remote management technologies and security services to enterprises around the world. Symantec's Norton brand of consumer security products leads the market in worldwide retail sales and industry awards. Headquartered in Cupertino, Calif., Symantec has worldwide operations in 37 countries. For more information, please visit www.symantec.com.