MSMR-GRADS Archives

MSMR Alumni/ae List

MSMR-GRADS@LISTSERV.UTA.EDU

Subject:
From: John Bassler <[log in to unmask]>
Reply To: John Bassler <[log in to unmask]>
Date: Wed, 19 Sep 2001 09:36:34 -0500

Yesterday I thought about alerting you (all) to this new virus (the "nimda"
worm), but decided not to, figuring you are all cautious people and unlikely
to open attachments from unknown sources. However, the article from the WSJ
that Michaela sent me says that you can get infected passively, just by
highlighting the message in the Inbox list when you have the Preview Pane
turned on! I have just turned that option off on my computer, and I urge you
to do the same. (It's an option on the View menu.)

John Bassler, Ph.D.
Director, MSMR Program
The University of Texas at Arlington
(817) 272-2340
[log in to unmask]

-----Original Message-----
From:   Michaela Mora [mailto:[log in to unmask]]
Sent:   Wednesday, September 19, 2001 9:30 AM
To:     [log in to unmask]; [log in to unmask]
Subject:        FBI Probes New Computer Worm Hitting Users of Microsoft
Software

September 19, 2001
Tech Center
FBI Probes New Computer Worm
Hitting Users of Microsoft Software
By TED BRIDIS and DON CLARK
Staff Reporters of THE WALL STREET JOURNAL


WASHINGTON - A rogue software program attacked computers world-wide with
remarkable aggressiveness, spreading so quickly that e-mail and Web browsing
was slowed or interrupted for many users.
U.S. Attorney General John Ashcroft said the eventual effect of the
virus-like software could prove to be worse than the broad disruptions
caused this summer by the "Code Red" software. The case was quickly turned
over to the Federal Bureau of Investigation, which already has been working
around the clock on last week's terrorist attacks here and in New York.

Microsoft Servers Catch Code Red Virus as FedEx, Qwest Report Fresh Trouble (Aug. 9)
Second 'Code Red' Computer Worm Is Spreading Through the Internet (Aug. 6)

Mr. Ashcroft said there was "no evidence at this time" that the computer
attack was related to the airline crashes, and a reference within the
blueprints of the software suggests it may have originated in China.
Experts quickly dubbed the attack software "Nimda," which is "admin" spelled
backward. The virus-like code included a tainted file called "admin.dll"
that helps itself spread across computer networks within corporations.
Though it doesn't directly destroy data, Nimda adds or modifies so many
files that it is extremely difficult to remove from infected machines, said
Joe Hartmann, a research director for Trend Micro Inc., which supplies
antivirus programs.
Scott Blake, director of security strategy for
BindView Corp., a Houston maker of security-management software, said Nimda
also can spread when consumers visit Web pages that have been infected.
"It's significantly more aggressive than something like Code Red or Code Red
II, because it exploits multiple vulnerabilities and multiple methods of
attack," he said.
Security experts said Nimda was particularly insidious, because infected
messages have no regular subject line to identify them, and it activates
without users having to open an attachment. In Microsoft Corp.'s widely used
Outlook e-mail program, merely using a popular feature called the Preview
Pane, which allows users to see short excerpts of messages as they pass a
cursor down a list, is enough to start the infected code working.
"That makes it very dangerous," said Darwin Ammala, a security software
engineer for Harris Corp.
Makers of antivirus programs were expected to adapt their products quickly
to block infected messages from entering company e-mail systems, said April
Goostree, a virus research manager for McAfee.com Corp., which offers
antivirus services.
But Nimda may set some sort of record for the speed it traveled. "This is
what we call a well-written virus," said Steven Sundermeier, product manager
for Central Command Inc., another maker of antivirus software.
Some experts reported that the attacks slowed dramatically late Tuesday
afternoon and speculated that the software was programmed to spread only
during certain hours. Outside Washington, Riptech Inc., a security vendor
that monitors thousands of computers for federal agencies and private
corporations, said it noted a dramatic drop in attempted infections about
4:30 p.m. EDT. But Chief Executive Amit Yoran said it was unclear whether
that was the result of the software's programming or whether Internet
providers elsewhere in the world began filtering data traffic to mitigate
effects.
Mr. Yoran said that the software victimized computers another way: making
the infected machines easily accessible to hackers by modifying a special
user "guest" account on Windows machines. "It's got some really nasty
characteristics," Mr. Yoran said.
A Microsoft spokesman said it is studying Nimda, but believes that users
that have kept their products updated with the most recent antivirus patches
should experience few problems.


=====
When things are good, reflect
When things are bad, be brave!
Korean proverb
