GFI Alert: Beware Of The New Nimda Virus

Mail essentials can block this new virus at server level

London, UK, 18 September 2001 – GFI, leading developer of email content checking & anti-virus software, warns of the new Nimda mass-mailing worm. GFI Security Labs have discovered that this virus, which replicates fast, has the alarming ability to run without user intervention. It can be blocked at server level by Mail essentials for Exchange/SMTP, GFI’s email content checking and anti-virus solution.

The Nimda worm is spreading rapidly by email and is transmitted as an attachment in the form of an executable file called readme.exe. It is activated in one of two ways: either by opening the attachment, or automatically. GFI Security Labs has discovered that Nimda can run without user intervention using an exploit in Microsoft Outlook discovered by Juan Carlos Cuartango and posted in a Microsoft Security Bulletin (MS01-020) on 29 March 2001 (see http://www.securityfocus.com/bid/2524). However, should this exploit fail, recipients can still be fooled into activating this virus, as it pops up a dialog window inviting the user to run it.

Once triggered, the Nimda worm sends itself out to all contacts in the recipient’s email address book. The Subject of the email carrying the Nimda work is random, whereas the email itself carried no message text. Because of its highly replicative nature, Nimda could clog mail servers.

Nimda is disseminated in more ways than one: It also seeks and infects IIS servers, as did the recent BlueCode worm. In this case, it defaces the victim’s web site. Worse still, ongoing research on the Nimda worm by GFI Security Labs points to the likelihood that any user vulnerable to this exploit who happens to access an infected site may become infected simply by visiting the defaced site.

“The Nimba virus has taken email threats one step further in its use of complex replication mechanisms and the fact that it is transmitted in a multitude of ways. It appears to be a concept virus and it has worked successfully. This suggests that Nimda variants and other similar email viruses are on their way and could possibly make use of new exploits. Email security at server level is an absolute must block this new threat,” advised David Vella, Product Manager, GFI.

“With Mail essentials, blocking this virus is easy: In the Mail essentials configuration, just add an Attachment Checking Rule to block executable attachments. This will block any incoming/outgoing infected mail, by quarantining any attachments which are .exe files.”

Mail essentials for Exchange/SMTP is an email content checking and anti-virus solution that removes all types of email-borne threats before they can affect an organization’s email users. Spam, viruses, dangerous attachments and offensive content can be removed before the email users can receive them. More information can be found at http://www.gfi.com/mesindex.htm. The full version of Mail essentials is available from $350.

GFI has six offices in the US, UK, Germany, France, Australia and Malta, and has a worldwide network of distributors. GFI is the developer of FAXmaker, Mail essentials and LANguard, and has supplied applications to clients such as Microsoft, Telstra, Time Warner Cable, Shell Oil Lubricants, NASA, Caterpillar, BMW, the US IRS, and the USAF. GFI has won the Microsoft Fusion 2000 (GEM) Packaged Application Partner of the Year award, and was named one of 1999’s fastest growing software companies for Windows by Microsoft Corp. and CMP Media.




Share this