News  
 

SystemPro News - 2001-09-19

Hello,

as you know, Adiscon's SystemPro News is published only occasionally when we think there are really important things. Unfortunately, we have such an issue right now. You might already have heard about a new virus outbreak, the "Nimda" worm.

This worm / virus hybrid is dangerous because it uses multiple methods to propagate. One of it is the ability to infect a user's PC by simply browsing to a web page. This is true for of unpatched Internet Explorer 5 in default settings. If you run that configuration, you are in high risk. Please note that the "Nimda" worm also tries to infect home pages of unpatched IIS systems. To do so, it uses the same vulnerabilities "Code Red" does. We already have seen a number of infected web pages in the wild.

Please note: even if you run only INTERNAL IIS web servers on your INTRANET, you need to protect them against these vulnerabilities. Otherwise, you could easily spread the new virus inside your organization!

Furthermore, our testing has revealed that the browser vulnerability can easily be used to do other malicious things. In fact, it is so easy that we expect a large number of maliceous web sites to follow that scheme soon.

As a quick measure, you can change your Internet zone security settings to "high". As to the best of our knowledge, this currently prevents this virus from spreading. You might, however, experience problems when viewing web pages because this will disable scripting.

We strongly urge all users to apply the latest Microsoft patches to their systems. Please note that this is equally important to corporate AND home users alike. Especialy home machines with DSL connections are primary targets for IIS attacks.

Please see this Microsoft advisory on how to handle the current "Nimda" worm. Again, installing the patches will not only secure you from "Nimda" but also the expected upcoming variants.

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/topics/Nimda.asp

This is one long URL!

Additional information on the related "Code Red" virus and how to remove it is also available at our web site at

http://www.windows-expert.net/faq/iis/How-to-remove-code-red.asp

We at Adiscon would like to thank all our readers for reading WebProNews. We hope you find this information useful. Be sure to check http://www.windows-expert.net for more great information.

Sincerely,
Rainer Gerhards

======================================================================
Invite your friends to subscribe to Adiscon SystemPro News provided
by http://www.windows-expert.net/Subscriptions/ 
======================================================================

WinSyslog
 Home
 Articles
 FAQ
 Windows XP
 Seminars Online
 Forums
 Books
 Links
 Newsletter Archive
 Web Server Check
 Contact Us
 Search
 

 



Printer Version Send this page to a friend

Copyright © 1988-2005 Adiscon GmbH All rights reserved.
Contact us via Secure Web Response | Privacy Policy
Topic Links: syslog