Virus Alert - W32/Nimda

W32/Nimda is a worm that arrives via email and uses IIS vulnerabilities to infect IIS servers and in turn use the infected servers to attack others. In email form W32/Nimda arrives with the attachment "readme.exe".

Make sure all machines running IIS have applied the latest Microsoft Security patches, available from the following link (Updated 9/19/01 3:19 pm):

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/topics/Nimda.asp.

In some instances an infected file will be invoked and held open. Such files cannot be cleaned until they are closed. To clean these files the processes must be stopped, which may require using a utility such as Kill.exe. The files can then be scanned.

For more information see:

• From NAI: http://vil.nai.com/vil/virusSummary.asp?virus_k=99209.

This archive is not intended to be comprehensive. For a more complete virus library, please visit NAI's Virus Information Library at http://vil.nai.com.