** Virus Alert: W32.Nimda.A / aka BlueCode **
This information comes from the Symantec website:
W32.Nimda.A@mm is a mass-mailing worm that utilizes multiple methods to
spread itself. The worm sends itself out by email, searches for open network
shares, attempts to copy itself to unpatched or already vulnerable Microsoft IIS
web servers, and is a virus infecting both local files and files on remote
network shares.
The worm uses the Unicode Web Traversal exploit. A patch and information
regarding this exploit can be found at http://www.microsoft.com/technet/security/bulletin/ms00-078.asp.
When the worm arrives by email, the worm uses a MIME exploit allowing the virus
to be executed just by reading or previewing the file. Information and a patch
for this exploit can be found at http://www.microsoft.com/technet/security/bulletin/MS01-020.asp
Please note that the attachment MAY NOT be visible to you.
If you visit a compromised Web server, you will be prompted to download an .eml
(Outlook Express) email file, which contains the worm as an attachment. You can
disable "File Download" in your Internet Explorer internet security
zones to prevent this compromise.
Also, the worm will create open network shares on the infected computer,
allowing access to the system. During this process the worm creates the guest
account with Administrator privileges.
This virus distributes itself much like the SirCam virus, mass-mailing itself using your Email account. However, it can be spread through infected websites. Please make sure your virus definitions are updated!
If you do not run on a server, you may not be as affected should you download the virus. This virus attacks mainly Windows NT Server and WIndows 2000 Server machines that uses the Internet Information Server program.
The fix can be downloaded here or through Symantec's website. (Please right mouse click the link and choose the "Save Target As" option in order to download this file to your PC. The file is zipped, as some people were trying to run the file over the Internet. If you do not have WinZip on your PC, you can download it from www.winzip.com. After you have unzipped the file, open your My Computer on your desktop, find the file where you saved it on your hard drive and double click it to run.)