Contact:
L.Srikumar Pai
B.Sc( Engg.), MIE, MIWWA, MICI
Civil Engineer & CAD Specialist
Web master

Information on the "Nimda" Worm


Summary: A new worm, officially called W32/Nimda@MM, is circulating on the Internet and affecting large numbers of customers using Windows operating systems. Microsoft is working with the anti-virus community and other security experts to thoroughly investigate the worm. If you haven't already installed the appropriate updates and/or patches, your computer can become infected.

Actions You Should Take


End Users

1. Prevent infection from email or infected Web sites by updating Internet Explorer as detailed below in the section titled "Email".

2. Prevent infection via file shares by ensuring that you have no unprotected file shares, as discussed below in the section titled "File Shares".

System Administrators

1. Ensure that all workstations on your network are protected against infection from email or infected Web sites by installing any of the updates listed in the section below titled "Email".

2. Protect Web servers by taking two steps:

  • Protect against the Code Red II worm, which leaves a "back door" that Nimda exploits, by installing any of the updates discussed below in the section titled "Web Servers". Servers that already have been infected can be cleaned using a tool Microsoft provides.
  • Block the "Web Server Folder Traversal" vulnerability by taking any of the steps listed below under "Web Servers".

3. Prevent spread through file shares by ensuring that your workstations and servers have no unprotected file shares, as discussed below in the section titled "File Shares".

Additional Information

The official name of the worm is W32/Nimda@MM, but it is generally referred to as the "Nimda" worm. It attempts to spread via three different means:

  • Email: Infected machines attempt to spread the infection to other users by sending copies of the worm via email.
  • Web servers: Infected machines attempt to pass the infection to web servers by either locating an already compromised server, or by exploiting a known security vulnerability in Internet Information Server. Once infected, a web server will attempt to infect the machines of any users that visit it.
  • File shares: Infected machines will search for systems that have been configured to allow anyone to add files to them and, upon finding such a machine, will insert infected files onto it.

Email

The worm spreads via email by sending a copy of itself within a mail that exploits the security vulnerability discussed in Microsoft Security Bulletin MS01-020. As the bulletin describes, the vulnerability lies in Internet Explorer, but can be exploited via email. Simply opening the email itself would be sufficient to infect the machine – it would not be necessary to open an attachment.

Anti-virus vendors are currently developing updated scanning tools that will detect and disarm mails sent by the virus. But even in the absence of these tools, patches and updated versions of IE have been available for some time to eliminate the vulnerability. Customers who have installed any of the following updates would be at no risk of infection by email:

 

Web Servers

When the worm attacks IIS 4.0 and 5.0 Web servers, it does so through either of two means. First, it checks to see if the computer was previously compromised by the Code Red II worm, which creates a "back door" that any malicious user can use later to gain control of the system. If the Nimda worm finds such a computer, it simply uses the back door created by Code Red II to infect the system. Second, the worm attempts to exploit the "Web Server Folder Traversal" vulnerability. If it succeeds in exploiting this vulnerability, the worm uses it to infect the system.

A tool is available to remove the back door created by the Code Red II worm. However, the best course of action is to prevent the Code Red II worm altogether, by taking any of the following steps:

The "Web Server Folder Traversal" vulnerability can be blocked by taking any of the following actions:

  • Applying the patch provided in Microsoft Security Bulletin MS00-057
  • Applying the patch provided in Microsoft Security Bulletin MS00-078
  • Applying the patch provided in Microsoft Security Bulletin MS00-086
  • Applying the patch provided in Microsoft Security Bulletin MS01-026
  • Applying the patch provided in Microsoft Security Bulletin MS01-044
  • Installing Windows 2000 Service Pack 2
  • Installing the Windows NT 4.0 Security Roll-up Package
  • Running the IIS Lockdown Tool in its default mode
  • Installing the URLScan tool with its default ruleset.
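
A log check for the two server-side vectors described above, as an added example rather than Microsoft's tooling: it scans IIS W3C log lines for probes of the Code Red II back door and for folder traversal hidden by percent-encoding. The back-door file name root.exe and the request for cmd.exe come from public advisories on Code Red II and Nimda, not from this page; the log lines are constructed and the function names are hypothetical.

```powershell
# Constructed sample in IIS W3C extended format (addresses are documentation ranges).
$sampleLog = @'
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-09-18 13:02:11 192.0.2.10 GET /default.htm - 200
2001-09-18 13:02:14 198.51.100.7 GET /scripts/root.exe /c+dir 404
2001-09-18 13:02:15 198.51.100.7 GET /scripts/..%255c../winnt/system32/cmd.exe /c+dir 404
2001-09-18 13:02:19 192.0.2.10 GET /images/logo.gif - 200
'@ -split "`r?`n"

function Get-NormalizedPath {
    param([string]$Path)
    # Decode repeatedly until stable, so doubly encoded separators cannot hide.
    for ($i = 0; $i -lt 5; $i++) {
        try { $decoded = [uri]::UnescapeDataString($Path) } catch { break }
        if ($decoded -ceq $Path) { break }
        $Path = $decoded
    }
    $Path.Replace('\', '/').ToLowerInvariant()
}

function Find-NimdaProbe {
    param([string[]]$Lines)
    $fields = @()
    foreach ($line in $Lines) {
        if ($line -like '#Fields:*') {            # column order is declared in the log itself
            $fields = ($line -replace '^#Fields:\s*', '').Trim() -split '\s+'
            continue
        }
        if ($line -like '#*' -or [string]::IsNullOrWhiteSpace($line)) { continue }
        $values = $line.Trim() -split '\s+'
        if ($values.Count -ne $fields.Count) { continue }   # malformed or truncated line
        $row = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }
        $path = Get-NormalizedPath $row['cs-uri-stem']
        $reasons = @()
        if ($path -match '(^|/)root\.exe$') { $reasons += 'Code Red II back-door probe' }
        if ($path -match '(^|/)\.\.(/|$)')  { $reasons += 'folder traversal after decoding' }
        if ($path -match '(^|/)cmd\.exe$')  { $reasons += 'command interpreter requested' }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                ClientIp = $row['c-ip']; Status = $row['sc-status']; Path = $path
                Served   = $row['sc-status'] -like '2*'   # a 2xx answer means the probe was served
                Reasons  = $reasons -join '; '
            }
        }
    }
}

Find-NimdaProbe -Lines $sampleLog | Format-List
```

Rows with Served set to True deserve the most attention, since the server answered the request instead of rejecting it.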

Once a server is infected, it attempts to pass the infection to any machines that visit the web sites it hosts. Like the email vector, it does this using the vulnerability discussed in Microsoft Security Bulletin MS01-020. Customers who have taken any of the steps discussed in the section titled "Email" are fully protected against the web-borne vector as well.

 

File shares

The final means by which the worm tries to spread is through file shares. Windows systems can be configured to allow other users to read files from them or write files to them. By default, Windows systems only allow the authorized user of the system to access the files on it. However, if the worm finds a system that has been configured to allow other users to create files on it, it adds files that spread the infection.

To protect against infection via this vector, minimize the number of users who can access your file system. If you have file shares you do not need, remove them. For any remaining ones, ensure that you've given other users as few privileges as possible. Finally, if you're using Windows NT 4.0 or Windows 2000, make sure that you have a strong password for the Administrator account – if you leave it blank, you've essentially given the world the ability to add files to your system. The Microsoft Personal Security Advisor (available for Windows NT 4.0 and Windows 2000) can help ensure that your system is securely configured.
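
One way to find the "unprotected file shares" discussed above on a current Windows system, as an added example and not a Microsoft-supplied script. It assumes the SmbShare cmdlets (Windows 8 / Server 2012 or later, so not the Windows NT 4.0 or Windows 2000 systems named here), an elevated prompt, and English-language principal names; Get-WritableShare is a hypothetical name.

```powershell
# Principals that effectively mean "anyone" (assumed English names).
$broad = @('Everyone', 'ANONYMOUS LOGON', 'NT AUTHORITY\ANONYMOUS LOGON',
           'BUILTIN\Guests', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')
$fsRights = [System.Security.AccessControl.FileSystemRights]

function Get-WritableShare {
    # Shares without a path (IPC$) have no folder to write into, so skip them.
    foreach ($share in (Get-SmbShare | Where-Object { $_.Path })) {
        # Share-level ACL: Change or Full granted to a broad principal.
        $shareAces = @(Get-SmbShareAccess -Name $share.Name | Where-Object {
            "$($_.AccessControlType)" -eq 'Allow' -and
            "$($_.AccessRight)" -in @('Change', 'Full') -and
            $_.AccountName -in $broad
        })
        if ($shareAces.Count -eq 0) { continue }

        # NTFS ACL on the shared folder: effective access is the more
        # restrictive of share and NTFS permissions, so check both.
        $ntfsAces = @((Get-Acl -LiteralPath $share.Path).Access | Where-Object {
            "$($_.AccessControlType)" -eq 'Allow' -and
            $_.IdentityReference.Value -in $broad -and
            ($_.FileSystemRights -band $fsRights::CreateFiles) -ne 0
        })

        [pscustomobject]@{
            Share          = $share.Name
            Path           = $share.Path
            ShareAccess    = ($shareAces | ForEach-Object { "$($_.AccountName):$($_.AccessRight)" }) -join ', '
            NtfsWritableBy = ($ntfsAces | ForEach-Object { $_.IdentityReference.Value }) -join ', '
            # True when both layers let a broad principal create files.
            Exposed        = $ntfsAces.Count -gt 0
        }
    }
}

Get-WritableShare | Sort-Object Exposed -Descending | Format-Table -AutoSize
```

Shares reported with Exposed set to True are the ones to remove or tighten first; the others are open at the share level only and rely on the NTFS permissions staying restrictive.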

 

More Resources

Microsoft is continuing to investigate this worm, and will provide updated information as we learn it. In the meantime, additional information is available from the following sources:

(Courtesy: Microsoft)


 

 
Copyright www.srikumar.com 2009-2010