W32/Nimda@MM – Mass Mailing Internet Worm Scans HTTP Port 80; Code Red-Like Worm Can Cause Potential DDoS
BEAVERTON, Ore., Sept. 18 /PRNewswire/ — McAfee AVERT (Anti-Virus Emergency Response Team), a division of Network Associates, Inc. (Nasdaq: NETA), today assigned a HIGH-OUTBREAK risk assessment on the recently discovered Nimda worm. W32/Nimda@MM is a destructive mass-mailing (@mm) worm that sends copies of itself to all the e-mail addresses in the infected users’ address books. In addition, Nimda probes HTTP Port 80, including those on unpatched IIS servers. AVERT has received widespread reports of infections in Fortune 500 companies and corporations around the world, all indicating increased traffic to Port 80, a widely used HTTP Internet port.
W32/Nimda@MM is an Internet worm that propagates through e-mail, open shares and via HTTP Port 80. The worm itself is a compiled executable with varying file names.
Subject: (long string of letters)
Body of email: (HTML page; viewer should see nothing)
Attachment: (the filename varies – README.EXE is common)
Immediate information and cure for this virus can be found online at the McAfee AVERT site at http://vil.nai.com/vil/virussummary.asp?virus_k=99209 . McAfee recommends a multi-tiered approach to protection that includes products that scan both e-mail and Internet traffic. McAfee product users should update their systems from that page and use the 4.0.70 or later scanning engine to stop potential damage.
McAfee AVERT is one of the top-ranked anti-virus research organizations in the world, employing more than 90 researchers in offices on five continents. McAfee AVERT protects customers through McAfee AutoUpdate technology, which allows McAfee anti-virus software to check for updated information on new viruses, and download cures automatically as soon as they are available. Cures are developed by the combined efforts of McAfee AVERT researchers and McAfee AutoImmune technology, which applies advanced heuristics and sophisticated programming to automatically generate cures for previously undiscovered viruses.
McAfee is a division of Network Associates, Inc. that protects e-businesses from security breaches and virus attacks. McAfee has aggressively focused on the burgeoning mobile and wireless marketplace, developing the VirusScan Wireless family of products. McAfee is also actively addressing the service provider market through McAfee ASaP, which offers Internet security and virus protection. All McAfee products are backed by the world’s leading anti-virus research organization, McAfee AVERT (Anti-Virus Emergency Response Team), the team which first identified Melissa, Bubbleboy and Phage, the first wireless virus. For more information, McAfee can be reached at 800-338-8754 and on the Internet at http://www.mcafeeb2b.com or http://www.mcafeeasap.com .
With headquarters in Santa Clara, Calif., Network Associates, Inc. is a leading supplier of security and availability solutions for e-businesses. Network Associates is comprised of four product groups: McAfee, delivering world class anti-virus products; PGP Security, providing firewall, intrusion detection and encryption products; Sniffer Technologies, a leader in network and application management; and Magic Solutions, providing web-based service desk solutions. For more information, Network Associates can be reached at 972-308-9960 or on the Internet at http://www.nai.com .
NOTE: Network Associates, McAfee, PGP, Sniffer, VirusScan, WebShield, NetShield, GroupShield, PrimeSupport, Enterprise SecureCast and Magic Solutions are registered trademarks of Network Associates, Inc. and/or its affiliates in the United States and/or other countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners.