This recommended site has been moved. So it said when I clicked on the link. Will Remembering The Cherokee Peeks,NC 1740-1825 James to IT 1900-1993 Mary Elizabeth. >From: "jreece" <jreece@icx.net> >Reply-To: TNMEIGS-L@rootsweb.com >To: TNMEIGS-L@rootsweb.com >Subject: [{Meigs Co., TN}] List Administrator Message >Date: Tue, 18 Sep 2001 20:37:55 -0400 > > > >The lastest information from McAfee.com has the following: > >As always please contact me personally with any questions at >jreece@icx.net > > > > > > > Name: W32/Nimda@MM > > > > Characteristics: > > The information provided here is as of 3:00pm PDT September, 18, 2001. > > Please check back periodically for more information regarding this >threat. > > This threat can infect all unprotected users of Win9x/NT/2000/ME > > Its main goal is simply to spread over the Internet and Intranet, > > infecting as many users as possible and creating so much traffic that > > networks are virtually unusable. > > All end users and administrators running Microsoft Internet Explorer >(ver > > 5.01 or greater), are advised to install <A > > >href="http://www.microsoft.com/technet/treeview/default.asp?url=/technet/s > > ecurity/bulletin/MS01-020.asp">this patch</A> for the Incorrect MIME > > Header Can Cause IE to Execute E-mail Attachment vulnerability. > > All IIS administrators should also install <A > > >href="http://www.microsoft.com/technet/treeview/default.asp?url=/technet/s > > ecurity/bulletin/MS01-044.asp">this patch</A> (August 15, 2001 >Cumulative > > Patch for IIS) > > > > This is a mass-mailing worm, which also spreads via open shares, the <A > > >href="http://www.microsoft.com/technet/treeview/default.asp?url=/technet/s > > ecurity/bulletin/ms00-078.asp">Microsoft Web Folder Transversal > > vulnerability</A> (also used by W32/CodeBlue), and a Microsoft > > content-type spoofing vulnerability. It also attempts to create a share > > (c:), and checks for the presence of the trojan dropped by the > > W32/CodeRed.c worm > > The email attachment name varies and may use the icon for an Internet > > Explorer HTML document. > > The most significant methods of propagation are as follows: > > > > <LI>The email messages created by the worm specify a content-type of > > audio/x-wav with an executable attachment type. Thus when a message is > > accessed, the attachment can be executed without the user's knowledge. > > > > <LI>When infecting, it appends HTML documents with javascript code which > > opens a new browser window containing the infectious email message >itself > > (taken from the dropped file README.EML). Thus when this infected HTML >is > > accessed (locally or remotely) the machine viewing the page is then > > infected. > > > > Once infected, your system is used to seek out others to infect over the > > web. As this creates a lot of port scanning, this can cause a network > > traffic jam. > > It copies itself to the WINDOWS SYSTEM directory as LOAD.EXE and creates >a > > SYSTEM.INI entry to load itself at startup:Shell=explorer.exe > > load.exe -dontrunold > > Additional events are: > > - A MIME encoded version of the work is created in each folder on the > > drive (often as README.EML, can also be .NWS files)- Certain executable > > files are selected by the worm and altered. > > The virus contains the string : Concept Virus (CV) V.5, Copyright (C) >2001 > > R.P.China</LI> > > > > To check your system for this Virus, and to learn how to protect >yourself > > from computer viruses, visit the McAfee.com Clinic at > > http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=2103. > > > > For complete information on this Virus, view McAfee.com's Virus > > Information Library listing at > > http://vil.mcafee.com/dispVirus.asp?virus_k=99209. > > > > This email was sent to you by Joyce Reece, List Administrator > > > > > > >============================== >Add as many as 10 Good Years To Your Life >If you know how to reduce these risks. >http://www.thirdage.com/health/wecare/hearthealth/index.html > _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp