W32/Nimda@MM Could use this explained in English
Whyzman
09-19-2001, 02:12 AM
I just received an Email from McAfee regarding this latest virus...it is high risk. When I read the MO I found myself quite confused. It appears it can infect without the attachment being opened. Would those of you who can decipher this sort of techno-language post back (in English) as to how we can avoid the risk if one is not running a viri protection program?
Thanks in advance!
May all your dealings in life be win/win!
Whyzman
[This message has been edited by Whyzman (edited 09-19-2001).]
I was about to post my own link about this worm...it is VERY contagious and it seems, can spread by websites also.
The preview pane is enough to trigger it, so if you run OE, or Outlook, then turn off the preview....the heck with it here (http://www.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html) is the page at Symantec and an excerpt:
Symantec Security Response has received a number of submissions on W32.Nimda.A@mm and is rating it as a Category 4.
W32.Nimda.A@mm is a new mass-mailing worm that utilizes multiple methods to spread itself. The worm sends itself out by email, searches for open network shares, attempts to copy itself to unpatched or already vulnerable Microsoft IIS web servers, and is a virus infecting both local files and files on remote network shares.
The worm uses the Unicode Web Traversal exploit. A patch and information regarding this exploit can be found at http://www.microsoft.com/technet/security/bulletin/ms00-078.asp.
When the worm arrives by email, the worm uses a MIME exploit allowing the virus to be executed just by reading or previewing the file. Information and a patch for this exploit can be found at http://www.microsoft.com/technet/security/bulletin/MS01-020.asp
Users visiting compromised Web servers will be prompted to download an .eml (Outlook Express) email file, which contains the worm as an attachment. Users can disable 'File Download' in their internet security zones to prevent compromise.
Also, the worm will create open network shares on the infected computer, allowing access to the system. During this process the worm creates the guest account with Administrator privileges.
Type: Worm
It also seems that I forgot to answer your question in the first place...it exploits a known issue with certain MS products, so that without the patch above, previewing the email is the same as running it.....
------------------
mjc
Links list:Computer Links (http://www.dreamwater.org/tech/mjc/index.htm)
Celts are the men that heaven made mad, For all their battles are merry and their songs are all sad.
[This message has been edited by mjc (edited 09-19-2001).]
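A mail-gateway style check for the "executed just by reading or previewing" behaviour in the excerpt above, as an added example that is not part of the original posts or of Symantec's write-up. It assumes the mismatch to look for is a MIME part declared as auto-rendered media but named with an executable extension; the function names, extension list and sample messages are constructed for illustration.

```python
import email
import os
from email import policy

# Extensions Windows runs directly (constructed, non-exhaustive list).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs"}
# Top-level media types a mail client may render or play during preview.
AUTO_RENDERED = {"audio", "image", "video", "text"}

def suspicious_parts(raw_message: bytes):
    """Return (filename, declared_type) for every part that claims to be
    harmless media but carries an executable file name."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # Content-Disposition filename, falling back to Content-Type name.
        name = part.get_filename()
        if not name:
            continue
        ext = os.path.splitext(name)[1].lower()
        if ext in EXECUTABLE_EXTS and part.get_content_maintype() in AUTO_RENDERED:
            findings.append((name, part.get_content_type()))
    return findings

def build_sample(part_headers):
    """Assemble a constructed multipart message, one part per header line."""
    head = b'MIME-Version: 1.0\r\nContent-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    body = b"".join(b"--b1\r\n" + h + b"\r\n\r\nAAAA\r\n" for h in part_headers)
    return head + body + b"--b1--\r\n"

# Constructed samples: one with a type/name mismatch, one declared honestly.
SAMPLE_MISMATCH = build_sample([
    b"Content-Type: text/html",
    b'Content-Type: audio/x-wav; name="sample.exe"',
])
SAMPLE_HONEST = build_sample([
    b'Content-Type: audio/x-wav; name="song.wav"',
    b'Content-Type: application/octet-stream; name="tool.exe"',
])

if __name__ == "__main__":
    for label, raw in (("mismatch", SAMPLE_MISMATCH), ("honest", SAMPLE_HONEST)):
        print(label, suspicious_parts(raw))
```

The honestly declared `tool.exe` is not flagged here because a client shows it as an ordinary attachment rather than rendering it on preview; blocking executables outright is a separate policy decision.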
bassman
09-19-2001, 09:42 AM
Boy do I love my AOL in times like this
------------------
If I tell you to think for yourself, then you're not doing it.
.
.
This is not directed at those asking questions in order to gain knowledge. That shows you are thinking.
Oh, yeah I forgot to mention...I got 302 hits on ZA in about 5 hours, from infected websites hammering it out.
Some other suggestions, TURN OFF ANY AUTOMATIC DOWNLOADS, turn off the preview in OE (unless you know you've been patched) and don't even bother looking at any email without a subject line...
------------------
mjc
Links list:Computer Links (http://www.dreamwater.org/tech/mjc/index.htm)
Celts are the men that heaven made mad, For all their battles are merry and their songs are all sad.