RE: RE: Re: New Virus -NIMBDA

From: Andy Levy (andylevy@yahoo.com)
Date: Tue Sep 18 2001 - 23:47:45 EDT


We shut our links down too. But too late - it was one of our "reaction"
steps after learning we got slammed by it.

This thing attempts to exploit SIXTEEN vulnerabilities in various software
that could be installed on an NT/2000 box, including stuff related to the
Code Red worms. As I speak, some of my co-workers are rebuliding 13
servers. I lead a crew checking over 60 desktops in the span of about 2
hours. Fortunately, all those checked out clean.

I don't think we know how we got hit just yet. We have so many people
getitng into our network from remote (other companies we've acquired, field
agents, etc.) we may never really know.

Ronald Wong wrote:

> I agree Andy. There are various versions. I believe that this is some
> sort of derivative of the "Code Red" virus and there are versions that are
> server
> specific and others, such as I mentioned that are MS Outlook specific. My
> warning is a heads-up to all out there that get lackadaisical about these
> things. One hopes, after all the events of the past week, that people
> will be on their guard about any and all type of security issues, though
> this
> virus has nothing to do with those events. Our company shut down all
> links to the Internet this afternoon to prepare for this thing.
>
> Ron
> 00 PB SLT QC 4X2 5.9 46RE 3.92 LSD
> For modifications see my DML Profile (URL follows)
> http://www.twistedbits.net/WWWProfile/dakota/Kw9pV1EkFeOYY
>
>
> -----Original Message-----
> From: owner-dakota-truck@BUFFNET.NET
> [mailto:owner-dakota-truck@BUFFNET.NET]On Behalf Of Andy Levy
> Sent: Tuesday, September 18, 2001 8:16 PM
> To: dakota-truck-moderator@bent.twistedbits.net
> Subject: Re: DML: RE: Re: New Virus -NIMBDA
>
>
> It doesn't even need Outlook (Express) on some systems. There is no
> silver-bullet "shut this thing off" cure for this one.
>
> Ronald Wong wrote:
>
>> Both. Make sure you set security on high.
>>
>> Ron
>> 00 PB SLT QC 4X2 5.9 46RE 3.92 LSD
>> For modifications see my DML Profile (URL follows)
>> http://www.twistedbits.net/WWWProfile/dakota/Kw9pV1EkFeOYY
>>
>>
>> -----Original Message-----
>> From: owner-dakota-truck@BUFFNET.NET
>> [mailto:owner-dakota-truck@BUFFNET.NET]On Behalf Of KBSHADOW
>> Sent: Tuesday, September 18, 2001 7:02 PM
>> To: dakota-truck-moderator@bent.twistedbits.net
>> Subject: DML: Re: New Virus -NIMBDA
>>
>>
>> Ronald
>>
>> Will it infect outlook express also or just outlook.
>>
>> Thanks
>> Bob
>> Stockton Ca
>>
>>
>> ""Ronald Wong"" <ron-wong@home.com> wrote in message
>>
>>
>>
>>
>
> --
> -andy
> andylevy@yahoo.com
> Maintainer, DML FAQ - http://www.dakota-truck.net/faq/
> http://home.twcny.rr.com/andylevy/dakota/
> '99 CC 4x4 318 auto
>
>

-- 
-andy
andylevy@yahoo.com
Maintainer, DML FAQ - http://www.dakota-truck.net/faq/
http://home.twcny.rr.com/andylevy/dakota/
'99 CC 4x4 318 auto



This archive was generated by hypermail 2b29 : Fri Jun 20 2003 - 12:02:51 EDT