[plug] Telstra Nimba Worm Notification

Russell Hobman Russell.Hobman at watercorporation.com.au
Thu Sep 20 09:54:30 WST 2001 

Goodaye, thankyou for your advice. I received one of these yesterday,
however it did not take the form as described below. it was disguised as an
upgrade for a hardware driver with two attachments. one was a *.doc file
describing the install instructions for a self executing driver file. the
other file was an *.exe file, supposedly the hardware driver file. when I
scanned the files with "Norton's" it was revealed that  W32.Nimda was
embedded within the *.exe file, waiting for me to execute it. I deleted this
e-mail and the attachments immediately.

I'm just sending this advice in case someone receives something similar, I
would advise scanning every e-mail attachment you receive. regards, Russell.

> -----Original Message-----
> From:	garry [SMTP:bigbadbill at dingoblue.net.au]
> Sent:	Thursday, September 20, 2001 2:38 AM
> To:	plug at plug.org.au
> Subject:	[plug] Telstra Nimba Worm Notification
> 
> This was sent to a mate of mine, who uses ADSL. It's a bit wordy, but of
> interest.Garry.
> 
> ----- Original Message -----
> From: "Telstra BigPond Security" <security at bigpond.com >
> To: "Telstra BigPond members" <security at bigpond.com >
> Sent: Wednesday, September 19, 2001 6:17 AM
> Subject: Information on the Nimda Worm
> 
> Dear Telstra BigPond(TM) member, Telstra is alerting you to be wary of a
> fast-spreading worm. All Internet users, including BigPond members, may
> experience delays when surfing affected Web sites due to increased
> Internet traffic.
> 
> Telstra emphasises that the worm has not originated in its network. Nor is
> Telstra responsible for the spreading of this worm on any of its
> telecommunications networks.
> 
> The worm, called W32.Nimda, appears as a blank message with an attachment
> called 'readme.exe' or 'admin.dll'.
> 
> Nimda spreads through email and searches for shared network drives,
> seeking unpatched or vulnerable Microsoft Web servers (IIS or Internet
> Information Services), overloading them with Internet traffic.
> 
> The worm harvests email addresses from address books and sends itself to
> all addresses as an attachment called readme.exe or admin.dll.
> 
> Please delete any emails you receive with the readme.exe or admin.dll
> attachments and update your virus definitions to ensure that your system
> is protected.
> 
> You can guard against infection by upgrading to Internet Explorer 5.01
> Service Pack 2, or, version 5.5 Service Pack 2 at 
> http://windowsupdate.microsoft.com
> 
> Network controls implemented by Telstra today have already prevented
> several thousand attempts to spread the worm.
> 
> Once it has infected users' PCs, the Nimda worm exposes local hard drives
> to the Local Area Network (LAN).  All Internet users, including Telstra
> BigPond members, can see the alert at http://telstra.com/ServiceStatus .
> When viewing the service status page, please refresh your page to ensure
> you have the latest information.
> 
> The worm does not affect Netscape Navigator users. It is not yet confirmed
> whether MAC operating systems are vulnerable to this worm.
> 
> For more information, please visit our Virus FAQ's at
> http://www.bigpond.com/Home/Support/Help/FAQ/Viruses.asp
> 
> Telstra BigPond endeavours to notify you as regularly as possible with
> current security issues that may affect Telstra BigPond members.
> 
> > Regards, The Telstra BigPond(TM) team
> -------------------------------------------------------

More information about the plug mailing list