On Sun, 11 Nov 2001, Matt Jezorek wrote:
> From: Matt Jezorek <matt@bluelinux.org>
> Well I have ruled out my computer for nimda seems that it is still putting
> .eml files on my server without samba shares mapped, don't know what else to
> do on it.
Here is some of the info I found =>
From: Thomas Biege <thomas@suse.de>
To: <bugtraq@securityfocus.com>
Subject: SuSE Security Announcement: wmaker/WindowMaker (SuSE-SA:2001:032
IIS webservers and uploads a file called "readme.eml" which is being
downloaded by the client's browser. Some versions of the Internet
Explorer even execute this file without the user's knowledge. A
temporary workaround for sites that use a squid proxy to access the
internet would be to add these three lines to the /etc/squid.conf
file:
--------------
Date: Tue, 18 Sep 2001 18:49:43 -0600 (MDT)
From: Dave Ahmad <da@securityfocus.com>
X-Sender: <da@mail>
To: <bugtraq@securityfocus.com>
Subject: Nimda Worm
Once it finds a vulnerable IIS server, it installs itself in such a way
that visitors to the now-infected web site will be sent a copy of a .eml
file, which is a copy of the e-mail that gets sent. If the victim is
using Internet Explorer as their browser, and they are vulnerable to the
hole, they will execute the readme.exe attachment in the same way as if
they had viewed an infected e-mail message.
Also, look at SecurityFocus Newsletter #111
David Correa RHCE CCNA
tech@linux-tech.com
http://www.linux-tech.com
------------------------------------------------------------------------
To unsubscribe email security-discuss-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
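
For sites that already route browsers through a squid proxy, as the quoted advisory assumes, the proxy's access log shows which clients fetched `.eml` files and from which web servers. The following is an added example, not part of the original posts or of either quoted advisory; it assumes squid's native `access.log` format, the log lines are constructed sample data, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in squid's native access.log format:
# time elapsed client action/code bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1000857000.123 210 192.0.2.10 TCP_MISS/200 4312 GET http://www.example.com/index.html - DIRECT/198.51.100.7 text/html
1000857001.456 95 192.0.2.10 TCP_MISS/200 79225 GET http://www.example.com/readme.eml - DIRECT/198.51.100.7 message/rfc822
1000857050.789 88 192.0.2.22 TCP_HIT/200 79225 GET http://www.example.com/README.EML?x=1 - NONE/- message/rfc822
1000857090.001 40 192.0.2.31 TCP_DENIED/403 1100 GET http://intranet.example.org/docs/readme.eml - NONE/- text/html
1000857120.500 60 192.0.2.10 TCP_MISS/200 512 GET http://www.example.net/email.html - DIRECT/203.0.113.5 text/html
"""

EML_PATH = re.compile(r"\.eml$", re.IGNORECASE)  # match on the URL path only

def parse_line(line):
    """Split one native-format log line; return None if it is too short."""
    fields = line.split()
    if len(fields) < 10:
        return None
    action, _, status = fields[3].partition("/")
    return {"client": fields[2], "action": action, "status": status,
            "method": fields[5], "url": fields[6]}

def find_eml_fetches(log_text):
    """Return (delivered, blocked): origin host -> set of client addresses."""
    delivered = defaultdict(set)  # proxy passed the .eml file to the client
    blocked = defaultdict(set)    # proxy refused the request (TCP_DENIED)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "GET":
            continue
        parts = urlsplit(rec["url"])
        if not EML_PATH.search(parts.path):  # query strings are ignored
            continue
        bucket = blocked if rec["action"] == "TCP_DENIED" else delivered
        bucket[parts.hostname or "?"].add(rec["client"])
    return dict(delivered), dict(blocked)

if __name__ == "__main__":
    delivered, blocked = find_eml_fetches(SAMPLE_LOG)
    for host, clients in sorted(delivered.items()):
        print(f"{host} served .eml to: {', '.join(sorted(clients))}")
    for host, clients in sorted(blocked.items()):
        print(f"{host} .eml request denied for: {', '.join(sorted(clients))}")
```

Hosts in the delivered map are web servers worth checking for infection, and the clients listed against them are the machines to inspect first.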